CVE-2015-0916 Information

Description

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter a different vulnerability than CVE-2007-6035.

Reference

http://jvn.jp/en/jp/JVN18957556/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000064 http://www.cacti.net/release_notes_0_8_6f.php