cacti: Security issues (CVE-2015-8369, CVE-2015-8377)
(CVE-2015-8369) SQL injection in graph.php
SQL Injection of Cacti (0.8.8f and older versions) was discovered in graph.php
(CVE-2015-8377) Cacti graphs_new.php SQL Injection Vulnerability
An SQL injection was found in /cacti/graphs_new.php, affected versions 0.8.8f and older.
References:
http://bugs.cacti.net/view.php?id=2646
http://svn.cacti.net/viewvc?view=rev&revision=7767
http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti\_sqli%281%29.txt
http://lwn.net/Articles/670044/
(from redmine: issue id 4992, created on 2016-01-06, closed on 2016-12-15)
- Relations:
- child #4993 (closed)
- child #4994 (closed)
- child #4995 (closed)
- child #4996 (closed)
- child #4997 (closed)