- EPSS 1.54%
- Veröffentlicht 31.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:08:18
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.
CVE-2004-1737
- EPSS 2.83%
- Veröffentlicht 16.08.2004 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:08:18
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
CVE-2002-1477
- EPSS 2.28%
- Veröffentlicht 22.04.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:24
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
- EPSS 2.51%
- Veröffentlicht 22.04.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:24
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
CVE-2002-1479
- EPSS 0.47%
- Veröffentlicht 22.04.2003 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:59:24
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.