SQL injection vulnerability in graphs.php in Cacti prior to 0.8.8e allows remote malicious users to execute arbitrary SQL commands via the local_graph_id parameter.
Multiple SQL injection vulnerabilities were discovered in cacti, a web
interface for graphing of monitoring systems
For the oldstable distribution (wheezy), this problem has been fixed
in version 088a+dfsg-5+deb7u6
For the stable distribution (jessie), this problem has been fixed in
version 088b+dfsg-8+deb8u2
For the testing distribution (st ...
Various cross-site scripting (XSS) flaws (CVE-2013-5588, CVE-2014-5025, CVE-2014-5026) and various SQL injection flaws (CVE-2013-5589, CVE-2015-4342, CVE-2015-4634, CVE-2015-8377, CVE-2015-8604) were discovered affecting versions of Cacti prior to 088g
Cross-site scripting (XSS) vulnerability in Cacti before 088d allows remote attackers to inj ...