Cacti prior to 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
the cacti group cacti 0.5 |
||
the cacti group cacti 0.6.7 |
||
the cacti group cacti 0.6.4 |
||
the cacti group cacti 0.6.1 |
||
the cacti group cacti 0.6 |
||
the cacti group cacti 0.6.6 |
||
the cacti group cacti 0.6.5 |
||
the cacti group cacti 0.6.3 |
||
the cacti group cacti 0.6.8 |
||
the cacti group cacti 0.6.2 |