
Do9Gy

Researcher from Tencent Security Platform Department
#19012 of 53,622
14.1 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2016-5401
8.8
2016-04-12
Cacti · Cacti · CVE-2016-3172
**Name of the Vulnerable Software and Affected Versions**

Cacti versions 0.8.8g and earlier

**Description**

The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the `parent id` parameter in an "item edit" action in the tree.php file.

**Recommendations**

For versions 0.8.8g and earlier, consider restricting access to the tree.php file until a patch is available. As a temporary workaround, avoid using the `parent id` parameter in the item edit action to minimize the risk of exploitation.
PT-2015-7818
5.3
2014-05-05
Php · Phpmyadmin · CVE-2015-8669
**Name of the Vulnerable Software and Affected Versions**

phpMyAdmin versions 4.0.x through 4.0.10.12

phpMyAdmin versions 4.4.x through 4.4.15.2

phpMyAdmin versions 4.5.x through 4.5.3.1

**Description**

The issue allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. This occurs in the libraries/config/messages.inc.php file.

**Recommendations**

For phpMyAdmin versions 4.0.x through 4.0.10.12, update to version 4.0.10.12 or later.

For phpMyAdmin versions 4.4.x through 4.4.15.2, update to version 4.4.15.2 or later.

For phpMyAdmin versions 4.5.x through 4.5.3.1, update to version 4.5.3.1 or later.