Multiple SQL injection vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cacti cacti 0.8.1 |
||
cacti cacti 0.8.2 |
||
cacti cacti 0.8.6f |
||
cacti cacti 0.8.6i |
||
cacti cacti 0.6.7 |
||
cacti cacti 0.8 |
||
cacti cacti 0.8.5a |
||
cacti cacti 0.8.6c |
||
cacti cacti 0.8.3a |
||
cacti cacti 0.8.4 |
||
cacti cacti 0.8.5 |
||
cacti cacti 0.8.7a |
||
cacti cacti 0.8.2a |
||
cacti cacti 0.8.3 |
||
cacti cacti 0.8.6j |
||
cacti cacti 0.8.7 |