The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface allows a attacker to execute arbitrary SQL commands.

The vulnerability of the Graph Template component of the Centreon IT infrastructure monitoring software’s web interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...

CVE-2024-33854

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23...

CVE-2024-33854

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23...

CVE-2024-33854

Centreon Web contains a SQL Injection in the Graph Template component. Affected versions are 22.10.0–22.10.22, 23.04.0–23.04.18, 23.10.0–23.10.12, and 24.04.0–24.04.2; fixed in 22.10.23, 23.04.19, 23.10.13, and 24.04.3 respectively. Root cause is lack of protection of the SQL query structure. Rem...

Centreon Web 安全漏洞

Centreon Web is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for resources such as networks, systems and applications. A security vulnerability exists in Centreon Web that stems from a SQL injection vulnerability in t...

PT-2024-5844 · Centreon · Centreon Web

Name of the Vulnerable Software and Affected Versions: Centreon Web versions 22.10.0 through 22.10.22 Centreon Web versions 23.04.0 through 23.04.18 Centreon Web versions 23.10.0 through 23.10.12 Centreon Web versions 24.04.0 through 24.04.2 Description: A SQL Injection vulnerability exists in th...

UBUNTU-CVE-2024-31458

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in formsave function in graphtemplateinputs.php is not thoroughly checked and is used to concatenate the SQL statement in drawnontemplatedfieldsgraphitem function from...

SUSE CVE-2010-1645

Cacti before 0.8.7f, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in 1 the FQDN field of a Device or 2 the Vertical Label field of a Graph Template...

SUSE CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

SUSE CVE-2015-4454

SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...

SUSE CVE-2017-1000031

SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid and graphtemplateid parameters...

Security update for cacti, cacti-spine (moderate)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2022:0145-1 Rating: moderate References: 1192408 1196692 Cross-References: CVE-2022-0730 CVSS scores: CVE-2022-0730 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux...

CVE-2020-9350

Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly...

DEBIAN-CVE-2017-1000031

SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid and graphtemplateid parameters...

Cacti 'get_hash_graph_template' function SQL injection vulnerability

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti Group. The tool through snmpget to obtain data , using RRDtool drawing graphs to analyze , and provide data and user management features . A SQL injection vulnerability exists in the 'gethashgraphtemplate...

DEBIAN-CVE-2015-4454

SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...

UBUNTU-CVE-2015-4454

SQL injection vulnerability in the gethashgraphtemplate function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graphtemplateid parameter to graphtemplates.php...

cacti -- Multiple XSS and SQL injection vulnerabilities

The Cacti Group, Inc. reports: Important Security Fixes Multiple XSS and SQL injection vulnerabilities Changelog bug: Fixed SQL injection VN: JVN78187936 / TN:JPCERT98968540 bug0002542: FG-VD-15-017 Cacti Cross-Site Scripting Vulnerability Notification bug0002571: SQL Injection and Location heade...

DEBIAN-CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...