CVE-2005-2149

2005-07-0604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

cacti

config.php

remote attackers

privileges

sql injection

nvd

7.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.7%

JSON

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.

CPENameOperatorVersion
the_cacti_group:cactithe cacti group cactieq0.8.5
the_cacti_group:cactithe cacti group cactieq0.8.6b
the_cacti_group:cactithe cacti group cactieq0.8.6c
the_cacti_group:cactithe cacti group cactieq0.8.6a
the_cacti_group:cactithe cacti group cactieq0.8.2a
the_cacti_group:cactithe cacti group cactieq0.8.3a
the_cacti_group:cactithe cacti group cactieq0.8
the_cacti_group:cactithe cacti group cactieq0.8.5a
the_cacti_group:cactithe cacti group cactieq0.8.4
the_cacti_group:cactithe cacti group cactieq0.8.6

CPE	Name	Operator	Version
the_cacti_group:cacti	the cacti group cacti	eq	0.8.5
the_cacti_group:cacti	the cacti group cacti	eq	0.8.6b
the_cacti_group:cacti	the cacti group cacti	eq	0.8.6c
the_cacti_group:cacti	the cacti group cacti	eq	0.8.6a
the_cacti_group:cacti	the cacti group cacti	eq	0.8.2a
the_cacti_group:cacti	the cacti group cacti	eq	0.8.3a
the_cacti_group:cacti	the cacti group cacti	eq	0.8
the_cacti_group:cacti	the cacti group cacti	eq	0.8.5a
the_cacti_group:cacti	the cacti group cacti	eq	0.8.4
the_cacti_group:cacti	the cacti group cacti	eq	0.8.6