Unrated severityNVD Advisory· Published Apr 10, 2014· Updated May 6, 2026
CVE-2014-2708
CVE-2014-2708
Description
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cacti:cacti:0.8.8b:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cacti:cacti:0.8.8b:*:*:*:*:*:*:*
- (no CPE)range: <=0.8.8b
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- svn.cacti.net/viewvcnvdPatch
- bugs.cacti.net/view.phpnvd
- lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.htmlnvd
- seclists.org/oss-sec/2014/q2/15nvd
- seclists.org/oss-sec/2014/q2/2nvd
- secunia.com/advisories/57647nvd
- secunia.com/advisories/59203nvd
- www.debian.org/security/2014/dsa-2970nvd
- www.securityfocus.com/bid/66555nvd
- bugs.debian.org/cgi-bin/bugreport.cginvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/92278nvd
- security.gentoo.org/glsa/201509-03nvd
News mentions
0No linked articles in our index yet.