CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 9.7 High
Confidence: High

EPSS: 0.008 Low
Percentile: 81.3%

Package : cacti
Version : 0.8.7g-1+squeeze7
CVE ID : CVE-2015-4634
Debian Bug : NA

Several SQL injection vulnerabilities were discovered in cacti, a
frontend to rrdtool for monitoring systems and services:

CVE-2015-4634

    SQL injection vulnerability in Cacti before 0.8.8e allows remote
    attackers to execute arbitrary SQL commands in graphs.php.

Currently unknown or unassigned CVEs

    SQL injection vulnerability in Cacti before 0.8.8e allows remote
    attackers to execute arbitrary SQL commands in cdef.php, color.php,
    data_input.php, data_queries.php, data_sources.php,
    data_templates.php, gprint_presets.php, graph_templates.php,
    graph_templates_items.php, graphs_items.php, host.php,
    host_templates.php, lib/functions.php, rra.php, tree.php and
    user_admin.php.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 0.8.7g-1+squeeze7.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | cacti | < 0.8.7g-1+squeeze7 | cacti_0.8.7g-1+squeeze7_all.deb |
Debian | 8 | all | cacti | < 0.8.8b+dfsg-8+deb8u2 | cacti_0.8.8b+dfsg-8+deb8u2_all.deb |
Debian | 7 | all | cacti | < 0.8.8a+dfsg-5+deb7u6 | cacti_0.8.8a+dfsg-5+deb7u6_all.deb |