Vulnerabilities > Cacti > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-22 | CVE-2014-5262 | SQL Injection vulnerability in Cacti SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-08-22 | CVE-2014-5261 | Code Injection vulnerability in Cacti The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php. | 7.5 |
| 2014-06-25 | CVE-2014-4644 | SQL Injection vulnerability in Cacti Superlinks 1.42 SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2014-04-23 | CVE-2014-2709 | Security vulnerability in Cacti 'rrd.php' lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. | 7.5 |
| 2014-04-10 | CVE-2014-2708 | SQL Injection vulnerability in Cacti 0.8.8B Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. | 7.5 |
| 2013-08-29 | CVE-2013-5589 | SQL Injection vulnerability in multiple products SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2013-08-23 | CVE-2013-1435 | Code Injection vulnerability in Cacti (1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | 7.5 |
| 2013-08-23 | CVE-2013-1434 | SQL Injection vulnerability in Cacti Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-12-15 | CVE-2011-4824 | SQL Injection vulnerability in Cacti SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. | 7.5 |
| 2010-05-27 | CVE-2010-2092 | SQL Injection vulnerability in Cacti SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query. | 7.5 |