Medium: cacti

2016-06-02T18:14:00
ID ALAS-2016-711
Type amazon
Reporter Amazon
Modified 2016-06-03T20:10:00

Description

Issue Overview:

SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. (CVE-2016-3659)

Affected Packages:

cacti

Issue Correction:
Run yum update cacti to update your system.

New Packages:

noarch:  
    cacti-0.8.8h-1.13.amzn1.noarch

src:  
    cacti-0.8.8h-1.13.amzn1.src