[3.4] cacti: SQL injection in graps_new.php via cg_g parameter (CVE-2015-8604)
An SQL injection in graphs_new.php via cg_g parameter was found affecting version 0.8.8f and older.
Note that this is different from CVE-2015-8377.
References:
http://seclists.org/oss-sec/2016/q1/15
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8604
Patch:
http://bugs.cacti.net/view.php?id=2652
(from redmine: issue id 5201, created on 2016-03-01, closed on 2016-03-07)
- Relations:
- parent #5200 (closed)
- Changesets:
- Revision 81eb7e3b on 2016-03-04T11:07:59Z:
main/cacti: security fix (CVE-2015-8604). Fixes #5201