CVE-2016-3659 — SQL Injection in Cacti

CWE-89 — SQL Injection6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 30.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedApr 11

Latest updateMay 17

Description

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.8h+ds1-1 (bookworm)

▶Debiancacti/cacti< 0.8.8h+ds1-1+3

▶NVDcacti/cacti0.8.8g

🔴Vulnerability Details

GHSA

GHSA-gfqc-77c8-mw92: SQL injection vulnerability in graph_view↗2022-05-17

▶

OSV

CVE-2016-3659: SQL injection vulnerability in graph_view↗2016-04-11

▶

📋Vendor Advisories

Debian

CVE-2016-3659: cacti - SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote aut...↗2016

▶

💬Community

Bugzilla

CVE-2016-3659 cacti: SQL injection vulnerability in graph_view.php [epel-all]↗2016-04-05

▶

Bugzilla

CVE-2016-3659 cacti: SQL injection vulnerability in graph_view.php↗2016-04-05

▶