CVE-2017-1000031

SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid and graphtemplateid parameters...

CVE-2017-1000031

CVE-2017-1000031 involves a SQL injection in the Cacti project (version 0.8.8b) where the vulnerability is located in the graph_templates_inputs.php mechanism. An attacker can leverage the parameters graph_template_input_id and graph_template_id to execute arbitrary SQL commands remotely. The con...

CVE-2014-4002

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the 1 drpaction parameter to cdef.php, 2 datainput.php, 3 dataqueries.php, 4 datasources.php, 5 datatemplates.php, 6 graphtemplates.php, 7 graphs.php, 8 host.php, or...

CVE-2010-2545

Cacti before 0.8.7g contains multiple XSS vulnerabilities (including CVE-2010-2545) in various templates and admin paths. The GLSA notes remote script injection and the need to upgrade to the 0.8.8+ series as remediation; affected vectors include template name and numerous PHP/graph-related compo...