CVE-2016-3659

Published: 11 April 2016

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
cacti
Launchpad, Ubuntu, Debian
Upstream
Released (0.8.8h+ds1-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.8.8f+ds1-4ubuntu4.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [0.8.8b+dfsg-5ubuntu0.2])