Published: 10/04/2014 Updated: 29/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cacti cacti 0.8.8b

Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool For the stable distribution (wheezy), these problems have been fixed in version 088a+dfsg-5+deb7u3 For the testing distribution (jessie), these problems have been fixed in ver ...

Debian Bug report logs - #752573 cacti: CVE-2014-4002 Cross-Site Scripting Vulnerability Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Paul Gevers <elbrus@debianorg> Date: Tue, 24 Jun 2014 19:57:06 ...

Debian Bug report logs - #743565 cacti: CVE-2014-2708 CVE-2014-2709 Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 3 Apr 2014 19:33:01 UTC Severit ...

Debian Bug report logs - #742768 cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 27 Mar 2014 07:03:01 UTC ...

Cross-site request forgery (CSRF) vulnerability in Cacti 087g, 088b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users Cross-site scripting (XSS) vulnerability in cdefphp in Cacti 0 ...

CWE-89 http://svn.cacti.net/viewvc?view=rev&revision=7439 http://www.securityfocus.com/bid/66555 http://seclists.org/oss-sec/2014/q2/15 http://seclists.org/oss-sec/2014/q2/2 https://bugzilla.redhat.com/show_bug.cgi?id=1084258 http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 http://secunia.com/advisories/57647 http://bugs.cacti.net/view.php?id=2405 http://secunia.com/advisories/59203 http://www.debian.org/security/2014/dsa-2970 https://security.gentoo.org/glsa/201509-03 https://exchange.xforce.ibmcloud.com/vulnerabilities/92278 https://nvd.nist.gov https://www.debian.org/security/./dsa-2970

CVE-2014-2708

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect