{"id":"MGASA-2016-0178","summary":"Updated cacti packages fix security vulnerabilities","details":"Updated cacti package fixes security vulnerability:\n\nSQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows\nremote authenticated users to execute arbitrary SQL commands via the parent_id\nparameter in an item_edit action (CVE-2016-3172).\n\nSQL injection vulnerability in graph_view.php in Cacti 0.8.8.g and earlier\nallows remote authenticated users to execute arbitrary SQL commands via the\nhost_group_data parameter (CVE-2016-3659).\n","modified":"2026-04-16T01:48:52.587511290Z","published":"2016-05-18T20:14:22Z","upstream":["CVE-2016-3172","CVE-2016-3659"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0178.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18021"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2016-05/msg00074.html"}],"affected":[{"package":{"name":"cacti","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/cacti?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.8f-1.5.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0178.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}