Arch Linux Security Advisory ASA-201605-14
==========================================

Severity: Medium
Date    : 2016-05-10
CVE-ID  : CVE-2016-3659
Package : cacti
Type    : sql injection
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package cacti before version 0.8.8_h-1 is vulnerable to SQL injection.

Resolution
==========

Upgrade to 0.8.8_h-1.

# pacman -Syu "cacti>=0.8.8_h-1"

The problem has been fixed upstream in version 0.8.8h.

Workaround
==========

None.

Description
===========

A SQL injection vulnerability has been found in cacti, in the
host_group_data parameter of the graph_view.php file.

Impact
======

A remote authenticated attacker can execute arbitrary SQL commands on the
affected host.

References
==========

http://bugs.cacti.net/view.php?id=2673
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3659