Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-8604

SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.

Related bugs and status

CVE-2015-8604 (Candidate) is related to these bugs:

Bug #1663891: Security uploads for cacti (trusty and xenial)

		In	Importance	Status
1663891	Security uploads for cacti (trusty and xenial)	cacti (Ubuntu)	Medium	Fix Released
1663891	Security uploads for cacti (trusty and xenial)	cacti (Ubuntu Xenial)	Medium	Fix Released
1663891	Security uploads for cacti (trusty and xenial)	cacti (Ubuntu Trusty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

FULLDISC: 20160108 [CVE-2015-860...
MLIST: [oss-security] 2016010...
MLIST: [oss-security] 2016010...
MISC: http://bugs.cacti.net/...
MISC: http://packetstormsecu...
SECTRACK: 1034573
GENTOO: GLSA-201607-05
DEBIAN: DSA-3494