SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
CVSS Score
8.8
EPSS Score
0.005
Published
2016-04-11
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
CVSS Score
7.5
EPSS Score
0.007
Published
2015-12-17
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
CVSS Score
6.5
EPSS Score
0.005
Published
2015-12-15
Page 7