SQL injection vulnerability in Cacti network statistics program
An SQL injection vulnerability in the Cacti network statistics program can be exploited by attackers to pass their own commands to the underlying database. It may be possible to exploit this to view protected content or manipulate content. The cause is the failure to filter the local_graph_id parameter in the graph.php script. Updating to version 0.8.7a should fix the problem.
- Release Notes 0.8.7a, information on cacti.net
(mba)
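The report above names the script and the unfiltered parameter, which is enough to check web server logs for probing. The following Python check is an added example, not code from the article or from the Cacti project: it flags `graph.php` requests whose `local_graph_id` is not a plain decimal integer. It assumes common/combined-format access logs and that legitimate values of this parameter are always decimal integers; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a common/combined-format log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate local_graph_id is a short decimal integer.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_graph_requests(log_lines):
    """Return (line_no, decoded_value) for every graph.php request whose
    local_graph_id parameter is not a plain decimal integer."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group(1))
        if not url.path.endswith("/graph.php"):
            continue  # other scripts are out of scope for this check
        # parse_qs percent-decodes values; blank values are kept so an
        # empty local_graph_id is also reported.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("local_graph_id", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((line_no, value))
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /cacti/graph.php?local_graph_id=12 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2000:10:00:05 +0000] "GET /cacti/graph.php?local_graph_id=12%27 HTTP/1.1" 200 310',
    '192.0.2.11 - - [01/Jan/2000:10:00:09 +0000] "GET /cacti/graph.php?local_graph_id=abc HTTP/1.1" 200 310',
    '192.0.2.12 - - [01/Jan/2000:10:01:00 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line_no, value in suspicious_graph_requests(SAMPLE_LOG):
        print(f"line {line_no}: local_graph_id={value!r}")
```

A hit only shows that a non-numeric value was sent; whether the installation was affected depends on the Cacti version running at the time.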