CVE-2015-8369
Published: 17 December 2015
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Notes
Author | Note |
---|---|
seth-arnold | $rra_id is string-interpolated in many cases; this may not be an isolated occurance of this bug |
Priority
Status
Package | Release | Status |
---|---|---|
cacti Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Released
(0.8.8b+dfsg-5ubuntu0.2)
|
|
upstream |
Released
(0.8.8f+ds1-3)
|
|
vivid |
Released
(0.8.8b+dfsg-8+deb8u3build0.15.04.1)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Not vulnerable
(0.8.8f+ds1-3)
|
|
yakkety |
Not vulnerable
(0.8.8f+ds1-3)
|
|
zesty |
Not vulnerable
(0.8.8f+ds1-3)
|