6.7 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
75.7%
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.