1. Home
  2. Vulnerabilities
  3. CVE-2015-8369

CVE-2015-8369

CVSS v2.0 7.5 (High)
75% Progress
EPSS 1.39 % (87th)
1.39% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.

Weaknesses
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2015-12-17 19:59:11
(8 years ago)
Updated Date
2016-12-07 18:27:09
(7 years ago)

Affected Products

Cacti

Configuration #1

    CPE23 From Up To
  Cacti 0.8.8f and prior versions cpe:2.3:a:cacti:cacti <= 0.8.8f