Cacti@0.6.5 Security Vulnerabilities and Issues — Cacti@0.6.5 CVE List

Lucene search

The Cacti GroupCacti0.6.5

7 matches found

CVE•added 2005/02/26 5:0 a.m.•53 views

CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

7.5CVSS8.6AI score0.03848EPSS

CVE•added 2005/06/22 4:0 a.m.•52 views

CVE-2005-1524

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.

5CVSS7.3AI score0.07971EPSS

CVE•added 2005/06/22 4:0 a.m.•40 views

CVE-2005-1526

PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.

7.5CVSS7.2AI score0.07579EPSS

CVE•added 2005/06/22 4:0 a.m.•37 views

CVE-2005-1525

SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8AI score0.01582EPSS

CVE•added 2004/09/01 4:0 a.m.•35 views

CVE-2002-1478

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

10CVSS7.3AI score0.00893EPSS

CVE•added 2004/09/01 4:0 a.m.•31 views

CVE-2002-1477

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.

7.5CVSS7.2AI score0.02653EPSS

CVE•added 2004/09/01 4:0 a.m.•31 views

CVE-2002-1479

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.

4.6CVSS6.6AI score0.00051EPSS