CVE-2014-2708

Published: 10 April 2014

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.

Priority

Status

Package	Release	Status
cacti Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Ignored (end of life)
	quantal	Ignored (end of life)
	saucy	Ignored (end of life)
	trusty	Not vulnerable (0.8.8b+dfsg-5)
	upstream	Needed
	utopic	Not vulnerable (0.8.8b+dfsg-5)
	vivid	Not vulnerable (0.8.8b+dfsg-5)
	wily	Not vulnerable (0.8.8b+dfsg-5)
	xenial	Not vulnerable (0.8.8b+dfsg-5)
	yakkety	Not vulnerable (0.8.8b+dfsg-5)
	zesty	Not vulnerable (0.8.8b+dfsg-5)
	Patches: upstream: http://svn.cacti.net/viewvc?view=rev&revision=7439

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2014-2708

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading