10
CVE-2005-2149
- EPSS 2.31%
- Veröffentlicht 06.07.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:21
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
The Cacti Group ≫ Cacti Version0.8
The Cacti Group ≫ Cacti Version0.8.1
The Cacti Group ≫ Cacti Version0.8.2
The Cacti Group ≫ Cacti Version0.8.2a
The Cacti Group ≫ Cacti Version0.8.3
The Cacti Group ≫ Cacti Version0.8.3a
The Cacti Group ≫ Cacti Version0.8.4
The Cacti Group ≫ Cacti Version0.8.5
The Cacti Group ≫ Cacti Version0.8.5a
The Cacti Group ≫ Cacti Version0.8.6
The Cacti Group ≫ Cacti Version0.8.6a
The Cacti Group ≫ Cacti Version0.8.6b
The Cacti Group ≫ Cacti Version0.8.6c
The Cacti Group ≫ Cacti Version0.8.6d
The Cacti Group ≫ Cacti Version0.8.6e
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.31% | 0.811 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
http://www.debian.org/security/2005/dsa-764
http://securitytracker.com/id?1014361
http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1
http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch
http://www.vupen.com/english/advisories/2005/0951
http://www.hardened-php.net/advisory-052005.php
http://www.securityfocus.com/archive/1/404040
http://www.securityfocus.com/bid/14130