Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201602-24 ========================================= Severity: High Date : 2016-02-28 CVE-ID : CVE-2015-8604 CVE-2015-8377 CVE-2015-8369 Package : cacti Type : sql injection Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package cacti before version 0.8.8_g-2 is vulnerable to sql injection. Resolution ========= Upgrade to 0.8.8_g-2. # pacman -Syu "cacti>=0.8.8_g-2" The problem has been fixed upstream in version 0.8.8_g. Workaround ========= None. Description ========== - CVE-2015-8604 (sql injection) SQL injection in graphs_new.php. - CVE-2015-8377 (sql injection) SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php. - CVE-2015-8369 (sql injection) SQL injection in graph.php. Impact ===== A remote attacker is able to get access to the cacti database. References ========= https://www.openwall.com/lists/oss-security/2016/01/04/8 https://bugs.mageia.org/show_bug.cgi?id=17352