CVE-2007-6035 — SQL Injection in Cacti

CWE-89 — SQL Injection10 documents6 sources

Severity

7.5HIGHNVD

NVD6.5

EPSS

4.5%

top 10.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedNov 20

Latest updateMay 17

Description

SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.7a-1 (bookworm)+1

▶Debiancacti/cacti< 0.8.6f-1+7

▶NVDcacti/cacti0.8.7+1

Patches

Patch: secunia.com ↗Patch: www.cacti.net ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-xqwx-r7c6-p379: SQL injection vulnerability in graph↗2022-05-17

▶

GHSA

GHSA-2p92-ff6g-jxxw: SQL injection vulnerability in graph↗2022-05-01

▶

OSV

CVE-2015-0916: SQL injection vulnerability in graph↗2015-05-22

▶

OSV

CVE-2007-6035: SQL injection vulnerability in graph↗2007-11-20

▶

📋Vendor Advisories

Debian

CVE-2015-0916: cacti - SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote au...↗2015

▶

Red Hat

cacti SQL injection vulnerability↗2007-11-17

▶

Debian

CVE-2007-6035: cacti - SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote at...↗2007

▶

💬Community

Bugzilla

CVE-2007-6035 cacti SQL injection vulnerability↗2007-11-20

▶