VuXML: cacti -- Multiple XSS and SQL injection vulnerabilities

VuXML ID	0bfda05f-2e6f-11e5-a4a5-002590263bf5
Discovery	2015-07-12
Entry	2015-07-20

The Cacti Group, Inc. reports:

Important Security Fixes

Multiple XSS and SQL injection vulnerabilities

CVE-2015-4634 - SQL injection in graphs.php

Changelog

bug: Fixed various SQL Injection vectors

bug#0002574: SQL Injection Vulnerabilities in graph items and graph template items

bug#0002577: CVE-2015-4634 - SQL injection in graphs.php

bug#0002579: SQL Injection Vulnerabilities in data sources

bug#0002580: SQL Injection in cdef.php

bug#0002582: SQL Injection in data_templates.php

bug#0002583: SQL Injection in graph_templates.php

bug#0002584: SQL Injection in host_templates.php

[source]

CVE Name	CVE-2015-4634
FreeBSD PR	ports/201702
Message	http://seclists.org/oss-sec/2015/q3/150
URL	http://www.cacti.net/release_notes_0_8_8e.php

cacti -- Multiple XSS and SQL injection vulnerabilities

Details

References