The vulnerability of the `host_new_graphs_save()` function in the Cacti network monitoring software (graphs_new.php) allows a attacker to execute arbitrary code.

The vulnerability of the hostnewgraphssave function in the Cacti network monitoring software’s script graphsnew.php involves the restoration of unreliable data in memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code using specially...

PT-2023-4942 · Cacti +2 · Cacti +2

Name of the Vulnerable Software and Affected Versions: Cacti versions 1.2.24 Description: The issue is related to insecure deserialization in Cacti, specifically within the host new graphs save function in graphs new.php. This is due to the use of the unserialize function without sanitizing user...

DEBIAN-CVE-2015-8604

SQL injection vulnerability in the hostnewgraphs function in graphsnew.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cgg parameter in a save action...

UBUNTU-CVE-2015-8377

SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selectedgraphsarray parameter in a save action...