- EPSS 0.48%
- Published 31.12.2004 05:00:00
- Last modified 03.04.2025 01:03:51
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.
CVE-2004-1737
- EPSS 3.85%
- Published 16.08.2004 04:00:00
- Last modified 03.04.2025 01:03:51
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
CVE-2002-1477
- EPSS 2.65%
- Published 22.04.2003 04:00:00
- Last modified 03.04.2025 01:03:51
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
- EPSS 0.59%
- Published 22.04.2003 04:00:00
- Last modified 03.04.2025 01:03:51
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
CVE-2002-1479
- EPSS 0.05%
- Published 22.04.2003 04:00:00
- Last modified 03.04.2025 01:03:51
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.