Vulnerabilities > Cacti > Cacti > 0.8.7h
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-08-29 | CVE-2013-5589 | SQL Injection vulnerability in multiple products SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2013-08-29 | CVE-2013-5588 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php. | 4.3 |
| 2013-08-23 | CVE-2013-1435 | Code Injection vulnerability in Cacti (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | 7.5 |
| 2013-08-23 | CVE-2013-1434 | SQL Injection vulnerability in Cacti Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2012-10-25 | CVE-2011-5223 | Cross-Site Scripting vulnerability in Cacti Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 4.3 |