Candidate: CVE-2015-8369
PublicDate: 2015-12-17 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8369
 http://bugs.cacti.net/view.php?id=2646
Description:
 SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f
 and earlier allows remote attackers to execute arbitrary SQL commands via
 the rra_id parameter in a properties action to graph.php.
Ubuntu-Description:
Notes:
 seth-arnold> $rra_id is string-interpolated in many cases; this may not be
  an isolated occurrence of this bug
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807599
Priority: high
Discovered-by:
Assigned-to:
CVSS: 

Patches_cacti:
upstream_cacti: released (0.8.8f+ds1-3)
precise_cacti: ignored (reached end-of-life)
precise/esm_cacti: DNE (precise was needed)
trusty_cacti: released (0.8.8b+dfsg-5ubuntu0.2)
trusty/esm_cacti: DNE (trusty was released [0.8.8b+dfsg-5ubuntu0.2])
vivid_cacti: released (0.8.8b+dfsg-8+deb8u3build0.15.04.1)
vivid/stable-phone-overlay_cacti: DNE
vivid/ubuntu-core_cacti: DNE
wily_cacti: ignored (reached end-of-life)
xenial_cacti: not-affected (0.8.8f+ds1-3)
yakkety_cacti: not-affected (0.8.8f+ds1-3)
zesty_cacti: not-affected (0.8.8f+ds1-3)
devel_cacti: not-affected (0.8.8f+ds1-3)
