cacti: SQL injection in graps_new.php via cg_g parameter (CVE-2015-8604)
An SQL injection in graphs_new.php via cg_g parameter was found affecting version 0.8.8f and older.
Note that this is different from CVE-2015-8377.
References:
http://seclists.org/oss-sec/2016/q1/15
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8604
Patch:
http://bugs.cacti.net/view.php?id=2652
(from redmine: issue id 5200, created on 2016-03-01, closed on 2016-03-07)
- Relations:
- child #5201 (closed)
- child #5202 (closed)
- child #5203 (closed)
- child #5204 (closed)
- child #5205 (closed)