VDB
GCVE-110-MAGEIA-2015-306
GCVE-110-MAGEIA-2015-306
Advisory Published
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows
remote attackers to inject arbitrary web script or HTML via unspecified
vectors (CVE-2015-2665).
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers
to execute arbitrary SQL commands via unspecified vectors involving a cdef
id (CVE-2015-4342).
SQL injection vulnerability in the get_hash_graph_template function in
lib/functions.php in Cacti before 0.8.8d allows remote attackers to
execute arbitrary SQL commands via the graph_template_id parameter to
graph_templates.php (CVE-2015-4454).
SQL injection vulnerability in Cacti before 0.8.8e in graphs.php
(CVE-2015-4634).
The cacti package has been updated to version 0.8.8e, which fixes this
issue, as well as other SQL injection and XSS issues and other bugs
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | cacti | 0 (affected), 0.8.8f-1.mga4 (unaffected) | — |
| Mageia | cacti | 0 (affected), * (unaffected) | — |
References
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.