Cacti@0.8 Security Vulnerabilities and Issues — Cacti@0.8 CVE List

Lucene search

The Cacti GroupCacti0.8

6 matches found

CVE•added 2005/02/26 5:0 a.m.•53 views

CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

7.5CVSS8.6AI score0.03848EPSS

CVE•added 2005/06/22 4:0 a.m.•52 views

CVE-2005-1524

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.

5CVSS7.3AI score0.07971EPSS

CVE•added 2005/07/06 4:0 a.m.•44 views

CVE-2005-2149

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.

10CVSS7.2AI score0.01293EPSS

CVE•added 2005/07/06 4:0 a.m.•42 views

CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_reque...

7.5CVSS7.7AI score0.04133EPSS

CVE•added 2005/06/22 4:0 a.m.•40 views

CVE-2005-1526

PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.

7.5CVSS7.2AI score0.07579EPSS

CVE•added 2005/06/22 4:0 a.m.•37 views

CVE-2005-1525

SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8AI score0.01582EPSS