CVE-2008-0785

Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.

Published: Feb 14, 2008
Updated: Nov 9, 2025
CVE: CVE-2008-0785
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cacti / cacti	0.8.7	0.8.7.x
cacti / cacti	0.8.5a	0.8.5a.x
cacti / cacti	0.8.3	0.8.3.x
cacti / cacti	0.8.2	0.8.2.x
cacti / cacti	0.8.5	0.8.5.x
cacti / cacti	0.8.7a	0.8.7a.x
cacti / cacti	0.8.6f	0.8.6f.x
cacti / cacti	0.8.6j	0.8.6j.x
cacti / cacti	0.8	0.8.x
cacti / cacti	0.8.6i	0.8.6i.x
cacti / cacti	0.6.7	0.6.7.x
cacti / cacti	0.8.1	0.8.1.x
cacti / cacti	0.8.4	0.8.4.x
cacti / cacti	0.8.6c	0.8.6c.x
cacti / cacti	0.8.2a	0.8.2a.x
cacti / cacti	0.8.3a	0.8.3a.x

Vulnerability Database

313,825

CVE-2008-0785

Deep Security Visibility Without the Complexity