CVE-2015-4634 — cacti - security update

Description

SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

How to fix CVE-2015-4634

To remediate CVE-2015-4634, upgrade the affected package to a fixed version below.

Debian/cacti—upgrade to 0.8.8e+ds1-1 or later
Debian/cacti—upgrade to 0.8.7g-1+squeeze7 or later
Debian/cacti—upgrade to 0.8.8a+dfsg-5+deb7u6 or later

Is CVE-2015-4634 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 0.8.8e+ds1-1
from 0, < 0.8.7g-1+squeeze7
from 0, < 0.8.8a+dfsg-5+deb7u6

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-4634