Description: SQL injection vulnerability in the host_new_graphs function in
 graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users
 to execute arbitrary SQL commands via crafted serialized data in the
 selected_graphs_array parameter in a save action.
Author: Paul Gevers <elbrus@debian.org>
Bug: http://bugs.cacti.net/view.php?id=2652
Index: cacti/graphs_new.php
===================================================================
--- cacti.orig/graphs_new.php
+++ cacti/graphs_new.php
@@ -252,6 +252,9 @@ function host_new_graphs($host_id, $host
 
 	while (list($form_type, $form_array) = each($selected_graphs_array)) {
 		while (list($form_id1, $form_array2) = each($form_array)) {
+            /* ================= input validation ================= */
+            input_validate_input_number($form_id1);
+            /* ==================================================== */
 			if ($form_type == "cg") {
 				$graph_template_id = $form_id1;
 
@@ -260,6 +263,7 @@ function host_new_graphs($host_id, $host
 				while (list($form_id2, $form_array3) = each($form_array2)) {
 					/* ================= input validation ================= */
 					input_validate_input_number($snmp_query_id);
+					input_validate_input_number($form_id2);
 					/* ==================================================== */
 
 					$snmp_query_id = $form_id1;