cacti

• Author: kikadf
• Vulnerable: 0.8.8b-2arcturus1
• Unaffected: 0.8.8b-2arcturus2

Multiple security issues (cross-site scripting, missing input sanitising and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5025
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5026
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5043
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5261
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5262