CVE-2015-4454

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 0.8.8d

Description The issue concerns a SQL injection vulnerability in the get hash graph template function. This vulnerability allows remote attackers to execute arbitrary SQL commands via the graph template id parameter in the "graph templates.php" endpoint.

Recommendations For versions prior to 0.8.8d, update to version 0.8.8d or later to resolve the issue. As a temporary workaround, consider restricting access to the graph templates.php endpoint to minimize the risk of exploitation. Avoid using the graph template id parameter in the affected endpoint until the issue is resolved.