Decription: Recently the latest release of Cacti monitoring had been anounced.
- Authentication using web authentication as a user not in the cacti database allows complete access (regression)
- Cacti SQL Injection Vulnerability
- When click the [Clear] button after clicking the [Refresh] button in Preview Mode , fails to CSRFcheck
- CVE-2016-3659 - Cacti graph_view.php SQL Injection Vulnerability
- Outdated MIBs for non-unicast packets
- Index is a MySQL 5.6 reserved word
- generate_graph_def_name() generates reserved word "cf"
Recommended action: Apply the latest upgrade.