CVE-2014-5262

SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
cacticacti
𝑥
≤ 0.8.8b
cacticacti
0.8.6e:e
cacticacti
0.8.7
cacticacti
0.8.7a:a
cacticacti
0.8.7b:b
cacticacti
0.8.7c:c
cacticacti
0.8.7d:d
cacticacti
0.8.7e:e
cacticacti
0.8.7f:f
cacticacti
0.8.7g:g
cacticacti
0.8.7i:i
cacticacti
0.8.8
cacticacti
0.8.8a:a
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cacti
bullseye
1.2.16+ds1-2+deb11u3
fixed
bullseye (security)
1.2.16+ds1-2+deb11u4
fixed
bookworm
1.2.24+ds1-1+deb12u4
fixed
bookworm (security)
1.2.24+ds1-1+deb12u2
fixed
sid
1.2.28+ds1-2
fixed
trixie
1.2.28+ds1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cacti
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
Fixed 0.8.8b+dfsg-5ubuntu0.1
released
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://seclists.org/oss-sec/2014/q3/351
http://seclists.org/oss-sec/2014/q3/386
http://svn.cacti.net/viewvc?view=rev&revision=7454
http://www.debian.org/security/2014/dsa-3007
http://www.securityfocus.com/bid/69213
https://bugzilla.redhat.com/show_bug.cgi?id=1127165
https://exchange.xforce.ibmcloud.com/vulnerabilities/95292
https://security.gentoo.org/glsa/201607-05
http://seclists.org/oss-sec/2014/q3/351
http://seclists.org/oss-sec/2014/q3/386
http://svn.cacti.net/viewvc?view=rev&revision=7454
http://www.debian.org/security/2014/dsa-3007
http://www.securityfocus.com/bid/69213
https://bugzilla.redhat.com/show_bug.cgi?id=1127165
https://exchange.xforce.ibmcloud.com/vulnerabilities/95292
https://security.gentoo.org/glsa/201607-05