Various cross-site scripting (XSS) flaws (CVE-2013-5588, CVE-2014-5025, CVE-2014-5026) and various SQL injection flaws (CVE-2013-5589, CVE-2015-4342, CVE-2015-4634, CVE-2015-8377, CVE-2015-8604) were discovered affecting versions of Cacti prior to 0.8.8g. Cross-site scripting (XSS) vulnerability in Cacti prior to 0.8.8d allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. (CVE-2015-2665) SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti prior to 0.8.8d allows remote malicious users to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. (CVE-2015-4454)
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian debian linux 7.0 |
||
cacti cacti 0.8.8b |
||
opensuse opensuse 13.1 |
||
opensuse opensuse 13.2 |