SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
Debian Bug report logs -
#818647
cacti: CVE-2016-3172
Package:
src:cacti;
Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sat, 19 Mar 2016 06:21:01 UTC
Severity: important
Tags: patch, security, upstream
Found in vers ...
SQL injection vulnerability in graph_viewphp in Cacti 088g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter (CVE-2016-3659) ...