PT-2026-44880
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Attackers can send GET requests to inc types graph.php with crafted SQL payloads to extract sensitive...
CVE-2019-12240
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via svalues, tvalues, or cvalues in graph.php...
EUVD-2015-8253
Malware in sbrugna...
EUVD-2019-3885
Malware in sbrugna...
EUVD-2010-2547
Malware in sbrugna...
CVE-2023-48294
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to graph.php to access graphs generated on t...
SUSE CVE-2007-6035
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter...
SUSE CVE-2009-4032
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start...
SUSE CVE-2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the...
SQL injection
An issue was discovered in LibreNMS through 1.47. It does not parameterize all user supplied input within database queries, resulting in SQL injection. An authenticated attacker can subvert these database queries to extract or manipulate data, as demonstrated by the graph.php sort parameter...
Deserialization of untrusted data
The Virim plugin 0.4 for WordPress allows Insecure Deserialization via svalues, tvalues, or cvalues in graph.php...
Command injection
Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php...
CVE-2018-20727
CVE-2018-20727 affects NeDi prior to 1.7Cp3. The vulnerability allows authenticated users to perform server-side command execution via user-controlled parameters: flt (Nodes-Traffic.php), dv (Devices-Graph.php), or tit (drawmap.php). This is a command-injection flaw arising from insufficient inpu...
Cisco Prime Network Analysis Module graph sfile Parameter Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Cisco Prime Network Analysis Module. Authentication is not required to exploit this vulnerability. The specific flaw exists within graph.php. When parsing the sfile parameter, the script does not...
sealevel.info XSS vulnerability
Vulnerable URL: http://sealevel.info/MSLgraph.php?id=13'"
Details:
Description| Value
---|---
Patched:| No
Latest check for patch:| 28.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3448409
VIP website status:| No
Coordinated Disclosure Timeline: Descriptio...
amsat.org XSS vulnerability
Vulnerable URL: http://www.amsat.org/tlm/graph.php?sat=1"...
cacti: SQL injection
- CVE-2015-8604 (SQL injection): SQL injection in graphs_new.php.
- CVE-2015-8377 (SQL injection): SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php.
- CVE-2015-8369 (SQL injection): SQL injection in graph.php...