1. Home
  2. Vulnerabilities
  3. CVE-2015-4454

CVE-2015-4454

CVSS v2.0 7.5 (High)
75% Progress
EPSS 0.53 % (77th)
0.53% Progress
Affected Products 2
Advisories 5
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.

Weaknesses
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2015-06-17 18:59:09
(9 years ago)
Updated Date
2017-11-04 01:29:05
(6 years ago)

Affected Products

Cacti

Fedoraproject

Configuration #1

    CPE23 From Up To
  Cacti 0.8.8c and prior versions cpe:2.3:a:cacti:cacti <= 0.8.8c

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 22 cpe:2.3:o:fedoraproject:fedora:22
  Fedoraproject Fedora 23 cpe:2.3:o:fedoraproject:fedora:23
  Fedoraproject Fedora 24 cpe:2.3:o:fedoraproject:fedora:24