Vulnerability Name: | CVE-2015-8377 (CCN-108920)
Assigned: | 2015-12-13
Published: | 2015-12-13
Updated: | 2016-12-07
Summary: | SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
 | 6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:H/RL:U/RC:R)
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Vulnerability Type: | CWE-89
Vulnerability Consequences: | Data Manipulation
References: |
 Source: MITRE Type: CNA CVE-2015-8377
 Source: CCN Type: Full-Disclosure Mailing List, Sun, 13 Dec 2015 16:16:47 +0800 [CVE-2015-8377] Cacti graphs_new.php SQL Injection Vulnerability
 Source: FULLDISC Type: Exploit 20151213 [CVE-2015-8377] Cacti graphs_new.php SQL Injection Vulnerability
 Source: CCN Type: Cacti Web site Cacti
 Source: DEBIAN Type: UNKNOWN DSA-3494
 Source: SECTRACK Type: UNKNOWN 1034498
 Source: XF Type: UNKNOWN cacti-graphsnew-sql-injection(108920)
 Source: GENTOO Type: UNKNOWN GLSA-201607-05
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable