Vulnerability Details CVE-2005-2149
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v2 Score 10.0
References
- http://securitytracker.com/id?1014361
- http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1
- http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch
- http://www.debian.org/security/2005/dsa-764
- http://www.hardened-php.net/advisory-052005.php
- http://www.securityfocus.com/archive/1/404040
- http://www.securityfocus.com/bid/14130
- http://www.vupen.com/english/advisories/2005/0951
- http://securitytracker.com/id?1014361
- http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1
- http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch
- http://www.debian.org/security/2005/dsa-764
- http://www.hardened-php.net/advisory-052005.php
- http://www.securityfocus.com/archive/1/404040
- http://www.securityfocus.com/bid/14130
- http://www.vupen.com/english/advisories/2005/0951
Products affected by CVE-2005-2149
-
cpe:2.3:a:the_cacti_group:cacti:0.8
-
cpe:2.3:a:the_cacti_group:cacti:0.8.1
-
cpe:2.3:a:the_cacti_group:cacti:0.8.2
-
cpe:2.3:a:the_cacti_group:cacti:0.8.2a
-
cpe:2.3:a:the_cacti_group:cacti:0.8.3
-
cpe:2.3:a:the_cacti_group:cacti:0.8.3a
-
cpe:2.3:a:the_cacti_group:cacti:0.8.4
-
cpe:2.3:a:the_cacti_group:cacti:0.8.5
-
cpe:2.3:a:the_cacti_group:cacti:0.8.5a
-
cpe:2.3:a:the_cacti_group:cacti:0.8.6
-
cpe:2.3:a:the_cacti_group:cacti:0.8.6a
-
cpe:2.3:a:the_cacti_group:cacti:0.8.6b
-
cpe:2.3:a:the_cacti_group:cacti:0.8.6c
-
cpe:2.3:a:the_cacti_group:cacti:0.8.6d
-
cpe:2.3:a:the_cacti_group:cacti:0.8.6e