SQL injection vulnerability in the hostnewgraphs function in graphsnew.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cgg parameter in a save action.
{ "urgency": "not yet assigned" }