CVE-2015-8377 — SQL Injection in Cacti

CWE-89 — SQL Injection7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 44.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedDec 15

Latest updateMay 17

Description

SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.8f+ds1-4 (bookworm)

▶Debiancacti/cacti< 0.8.8f+ds1-4+3

▶NVDcacti/cacti0.8.8f

🔴Vulnerability Details

GHSA

GHSA-6mcp-hm3f-5j68: SQL injection vulnerability in the host_new_graphs_save function in graphs_new↗2022-05-17

▶

OSV

CVE-2015-8377: SQL injection vulnerability in the host_new_graphs_save function in graphs_new↗2015-12-15

▶

📋Vendor Advisories

Debian

CVE-2015-8377: cacti - SQL injection vulnerability in the host_new_graphs_save function in graphs_new.p...↗2015

▶

💬Community

Bugzilla

CVE-2015-8604 cacti: SQL injection in graps_new.php via cg_g parameter↗2016-01-05

▶

Bugzilla

CVE-2015-8377 cacti: SQL injection in graphs_new.php↗2015-12-14

▶

Bugzilla

CVE-2015-8377 cacti: SQL injection in graphs_new.php [epel-all]↗2015-12-14

▶