Description
Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows
remote attackers to inject arbitrary web script or HTML via unspecified
vectors (CVE-2015-2665).
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers
to execute arbitrary SQL commands via unspecified vectors involving a cdef
id (CVE-2015-4342).
SQL injection vulnerability in the get_hash_graph_template function in
lib/functions.php in Cacti before 0.8.8d allows remote attackers to
execute arbitrary SQL commands via the graph_template_id parameter to
graph_templates.php (CVE-2015-4454).
SQL injection vulnerability in Cacti before 0.8.8e in graphs.php
(CVE-2015-4634).
The cacti package has been updated to version 0.8.8e, which fixes this
issue, as well as other SQL injection and XSS issues and other bugs