CVE-2015-4634 - Dead letter Groves

Description

SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

Reference

http://bugs.cacti.net/view.php?id=2577 http://www.cacti.net/release_notes_0_8_8e.php http://lists.opensuse.org/opensuse-updates/2015-07/msg00052.html http://www.debian.org/security/2015/dsa-3312 http://www.securitytracker.com/id/1032989