7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
78.8%
Several SQL injection vulnerabilities were discovered in cacti, a
frontend to rrdtool for monitoring systems and service:
Currently unknown or unassigned CVE’s
SQL injection vulnerability in Cacti before 0.8.8e allows remote
attackers to execute arbitrary SQL commands in cdef.php, color.php,
data_input.php, data_queries.php, data_sources.php,
data_templates.php, gprint_presets.php, graph_templates.php,
graph_templates_items.php, graphs_items.php, host.php,
host_templates.php, lib/functions.php, rra.php, tree.php and
user_admin.php
For the oldoldstable distribution (squeeze), these problems have been
fixed in version 0.8.7g-1+squeeze7.