diff --git a/lib/html_form_template.php b/lib/html_form_template.php
index 4c32fbc534..29c94530f3 100644
--- a/lib/html_form_template.php
+++ b/lib/html_form_template.php
@@ -156,6 +156,18 @@ function draw_nontemplated_fields_graph_item($graph_template_id, $local_graph_id
if (cacti_sizeof($input_item_list)) {
foreach ($input_item_list as $item) {
+ if (!db_column_exists('graph_templates_item', $item['column_name'])) {
+ raise_message_javascript(
+ __('Attempted SQL Injection'),
+ __('There was a SQL Injection attempted on the page'),
+ __('A client attempted to create a SQL Injection into Cacti likely from an external host with the address %s', get_client_addr())
+ );
+
+ cacti_log(sprintf('ERROR: A client attempted to create a SQL Injection into Cacti likely from an external host with the address %s', get_client_addr()), false, 'SECURITY');
+
+ exit;
+ }
+
$form_array = array();
if (!empty($local_graph_id)) {
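Review bot: The SECURITY log entry written when `db_column_exists()` rejects `$item['column_name']` records only the requesting client's address, not which template carried the bad value, so an operator has nothing to locate and clean up the offending record. If `$input_item_list` is read from stored template data (its query is outside the hunk), the user who trips the check may not be the party who planted the value, and the "likely from an external host" wording could misdirect triage. Consider logging the identifier already in scope, e.g. `cacti_log(sprintf('ERROR: Invalid column_name in graph input for Graph Template %d, page requested from %s', $graph_template_id, get_client_addr()), false, 'SECURITY');`, and keep the raw rejected value out of the log unless it is sanitized first. The `exit` is reached inside the `foreach` while the form is being drawn; the rest of draw_nontemplated_fields_graph_item lies outside the hunk, so whether partial output has already been sent cannot be judged from these lines.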