CVE-2017-1000031 — SQL Injection in Cacti

CWE-89 — SQL Injection4 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.1%

top 22.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedJul 17

Latest updateMay 17

Description

SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.8e+ds1-1 (bookworm)

▶Debiancacti/cacti< 0.8.8e+ds1-1+3

▶NVDcacti/cacti0.8.8b

🔴Vulnerability Details

GHSA

GHSA-33c8-cpc2-747q: SQL injection vulnerability in graph_templates_inputs↗2022-05-17

▶

OSV

CVE-2017-1000031: SQL injection vulnerability in graph_templates_inputs↗2017-07-17

▶

📋Vendor Advisories

Debian

CVE-2017-1000031: cacti - SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows...↗2017

▶