High severity8.8NVD Advisory· Published Apr 11, 2016· Updated Jun 17, 2026
CVE-2015-8604
CVE-2015-8604
Description
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*range: <=0.8.8f
- (no CPE)range: <=0.8.8f
Patches
Vulnerability mechanics
References
8- bugs.cacti.net/view.phpnvdExploit
- packetstormsecurity.com/files/135191/Cacti-0.8.8f-graphs_new.php-SQL-Injection.htmlnvdExploit
- seclists.org/fulldisclosure/2016/Jan/16nvdExploit
- www.debian.org/security/2016/dsa-3494nvd
- www.openwall.com/lists/oss-security/2016/01/04/8nvd
- www.openwall.com/lists/oss-security/2016/01/04/9nvd
- www.securitytracker.com/id/1034573nvd
- security.gentoo.org/glsa/201607-05nvd
News mentions
0No linked articles in our index yet.