CVE-2015-8377
cacti - security update
EPSS 0.33%
Description
SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action.
How to fix CVE-2015-8377
To remediate CVE-2015-8377, upgrade the affected package to one of the fixed versions listed below.
- Debian/cacti—upgrade to 0.8.8f+ds1-4 or later
- Debian/cacti—upgrade to 0.8.8a+dfsg-5+deb7u8 or later
Is CVE-2015-8377 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.8.8f+ds1-4
- from 0, < 0.8.8a+dfsg-5+deb7u8