CVE-2015-4634 — SQL Injection in Cacti

CWE-89 — SQL Injection7 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 38.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedAug 11

Latest updateMay 17

Description

SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.8e+ds1-1 (bookworm)

▶Debiancacti/cacti< 0.8.8e+ds1-1+3

▶NVDcacti/cacti0.8.8d

🔴Vulnerability Details

GHSA

GHSA-j268-9gfj-xh5m: SQL injection vulnerability in graphs↗2022-05-17

▶

OSV

CVE-2015-4634: SQL injection vulnerability in graphs↗2015-08-11

▶

📋Vendor Advisories

Debian

CVE-2015-4634: cacti - SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote a...↗2015

▶

💬Community

Bugzilla

CVE-2015-4634 cacti: multiple SQL injection flaws fixed in 0.8.8e↗2015-07-14

▶

Bugzilla

CVE-2015-4634 cacti: multiple SQL injection flaws fixed in Cacti 0.8.8e [fedora-21]↗2015-07-14

▶

Bugzilla

CVE-2015-4634 cacti: multiple SQL injection flaws fixed in Cacti 0.8.8e [epel-all]↗2015-07-14

▶