CVE-2014-2708

N/A Unknown
Published: April 10, 2014 Modified: May 06, 2026

Description

Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.

References to Advisories, Solutions, and Tools

Source for every entry below: af854a3a-2127-422b-91ae-364da2661108
http://bugs.cacti.net/view.php?id=2405
http://seclists.org/oss-sec/2014/q2/15
http://seclists.org/oss-sec/2014/q2/2
http://secunia.com/advisories/57647
http://secunia.com/advisories/59203
http://svn.cacti.net/viewvc?view=rev&revision=7439 (Patch)
http://www.debian.org/security/2014/dsa-2970
http://www.securityfocus.com/bid/66555
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
https://bugzilla.redhat.com/show_bug.cgi?id=1084258
https://exchange.xforce.ibmcloud.com/vulnerabilities/92278
https://security.gentoo.org/glsa/201509-03

28 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.5%
81st percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

cacti