Cacti host_new_graphs_save function SQL Injection Vulnerability (CVE-2015-8377)
Affected Systems:
Cacti <= 0.8.8f
Description:
CVE (CAN) ID: CVE-2015-8377
Cacti is a round-robin database (RRD) based tool that generates graphs from database information. It is available for multiple Linux distributions.
In Cacti 0.8.8f and earlier, the host_new_graphs_save function in graphs_new.php is vulnerable to SQL injection. An authenticated remote user can execute arbitrary SQL commands by supplying crafted serialized data in the selected_graphs_array parameter of a save action.
Source: Cacti
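As an added example that is not part of this advisory or of Cacti's own code, one defensive check for the parameter described above: deserialize selected_graphs_array without instantiating classes and refuse any key or value that is not a plain integer before it can reach a query. The nesting layout (host id, graph template id, item id) and the function names are assumptions.

```php
<?php
// Added example (not Cacti's own code): validate the structure that
// host_new_graphs_save() reads from the selected_graphs_array POST field
// before any of its values are interpolated into SQL.
//
// Assumed layout: a serialized PHP array nested as
// host_id => graph_template_id => item_id => flag, with integer keys and
// values at every level; anything else is rejected.

function validate_selected_graphs(string $serialized): array {
    // Never let unserialize() instantiate objects from user-controlled input.
    $data = @unserialize($serialized, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('selected_graphs_array is not a serialized array');
    }
    return walk_int_tree($data, 0);
}

function walk_int_tree(array $node, int $depth): array {
    if ($depth > 4) {  // the expected structure is shallow; refuse anything deeper
        throw new InvalidArgumentException('selected_graphs_array nesting too deep');
    }
    $clean = [];
    foreach ($node as $key => $value) {
        // Keys end up inside SQL, so each must be a plain non-negative integer.
        // (PHP already turns digit-only string keys into int keys on unserialize.)
        if (!is_int($key) || $key < 0) {
            throw new InvalidArgumentException("non-integer key in selected_graphs_array: $key");
        }
        if (is_array($value)) {
            $clean[$key] = walk_int_tree($value, $depth + 1);
        } elseif (is_int($value) || (is_string($value) && ctype_digit($value))) {
            $clean[$key] = (int)$value;
        } else {
            throw new InvalidArgumentException('non-integer value in selected_graphs_array: ' . var_export($value, true));
        }
    }
    return $clean;
}

// Constructed sample inputs (not taken from the advisory).
$ok  = serialize([12 => [3 => [7 => 1]]]);          // host 12, template 3, item 7
$bad = serialize([12 => ['not-a-number' => 1]]);   // malformed key, must be rejected

var_dump(validate_selected_graphs($ok));            // same tree, guaranteed integer keys/values
try {
    validate_selected_graphs($bad);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
```

Using bound parameters for the resulting integers is still the stronger control; the validator only guarantees that nothing but integers reaches the query-building code.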
Suggestion:
Vendor patch:
Cacti
-----
At the time of writing, the vendor has not released a patch or upgrade. Users of this software are advised to watch the vendor's homepage for the latest version:
http://cacti.net/
Reference: http://seclists.org/fulldisclosure/2015/Dec/57