CVE-2015-8377

EPSS 0.33%

cacti - security update

Published: 12/15/2015Modified: 5/27/2026

Description

SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.

Affected packages (2)

Debian/cactifrom 0, < 0.8.8f+ds1-4
Debian/cactifrom 0, < 0.8.8a+dfsg-5+deb7u8

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-8377