CVE-2015-8369
Published: 17 December 2015
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
Notes
| Author | Note |
|---|---|
| seth-arnold | $rra_id is string-interpolated in many cases; this may not be an isolated occurance of this bug |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cacti Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
| trusty |
Released
(0.8.8b+dfsg-5ubuntu0.2)
|
|
| upstream |
Released
(0.8.8f+ds1-3)
|
|
| vivid |
Released
(0.8.8b+dfsg-8+deb8u3build0.15.04.1)
|
|
| wily |
Ignored
(end of life)
|
|
| xenial |
Not vulnerable
(0.8.8f+ds1-3)
|
|
| yakkety |
Not vulnerable
(0.8.8f+ds1-3)
|
|
| zesty |
Not vulnerable
(0.8.8f+ds1-3)
|