Arch Linux Security Advisory ASA-201605-14
=========================================
Severity: Medium
Date : 2016-05-10
CVE-ID : CVE-2016-3659
Package : cacti
Type : sql injection
Remote : Yes
Link : https://wiki.archlinux.org/title/CVE
Summary
======
The package cacti before version 0.8.8_h-1 is vulnerable to sql injection.
Resolution
=========
Upgrade to 0.8.8_h-1.
# pacman -Syu "cacti>=0.8.8_h-1"
The problem has been fixed upstream in version 0.8.8h.
Workaround
=========
None.
Description
==========
A SQL injection vulnerability has been found in cacti, in the the
host_group_data parameter of the graph_view.php file.
Impact
=====
A remote authenticated attacker can execute arbitrary SQL command on the
affected host.
References
=========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3659