CVE-2015-4342 — SQL Injection in Cacti

CWE-89 — SQL Injection8 documents6 sources

Severity

7.5HIGHNVD

EPSS

3.8%

top 11.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti Fedoraproject Fedora

Timeline

PublishedJun 17

Latest updateMay 17

Description

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.8d+ds1-1 (bookworm)

▶Debiancacti/cacti< 0.8.8d+ds1-1+3

▶NVDcacti/cacti0.8.8c

Also affects: Fedora 22, 23, 24

Patches

Patch: www.cacti.net ↗Patch: www.cacti.net ↗

🔴Vulnerability Details

GHSA

GHSA-v774-w7w7-mvrg: SQL injection vulnerability in Cacti before 0↗2022-05-17

▶

OSV

CVE-2015-4342: SQL injection vulnerability in Cacti before 0↗2015-06-17

▶

📋Vendor Advisories

Debian

CVE-2015-4342: cacti - SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to ex...↗2015

▶

📄Research Papers

arXiv

On the Effectiveness of Clone Detection for Detecting IoT-related Vulnerable Clones↗2021-10-20

▶

💬Community

Bugzilla

CVE-2015-4342 cacti: SQL Injection and Location header injection from cdef id [epel-all]↗2015-06-10

▶

Bugzilla

CVE-2015-4342 cacti: SQL Injection and Location header injection from cdef id↗2015-06-10

▶

Bugzilla

CVE-2015-4342 cacti: SQL Injection and Location header injection from cdef id [fedora-all]↗2015-06-10

▶