Published: 22/06/2005 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in config_settings.php for Cacti prior to 0.8.6e allows remote malicious users to execute arbitrary SQL commands via the id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
the cacti group cacti 0.6.4
the cacti group cacti 0.6.5
the cacti group cacti 0.8.2
the cacti group cacti 0.8.2a
the cacti group cacti 0.6
the cacti group cacti 0.6.1
the cacti group cacti 0.6.8
the cacti group cacti 0.6.8a
the cacti group cacti 0.8.4
the cacti group cacti 0.8.5a
the cacti group cacti 0.6.2
the cacti group cacti 0.6.3
the cacti group cacti 0.8
the cacti group cacti 0.8.1
the cacti group cacti
the cacti group cacti 0.5
the cacti group cacti 0.6.6
the cacti group cacti 0.6.7
the cacti group cacti 0.8.3
the cacti group cacti 0.8.3a

Several vulnerabilities have been discovered in cacti, a round-robin database (RRD) tool that helps create graphs from database information The Common Vulnerabilities and Exposures Project identifies the following problems: CAN-2005-1524 Maciej Piotr Falkiewicz and an anonymous researcher discovered an input validation bug that allows an ...

NVD-CWE-Other http://www.idefense.com/application/poi/display?id=267&type=vulnerabilities&flashstatus=true http://www.cacti.net/release_notes_0_8_6e.php http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml http://www.osvdb.org/17424 http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978 http://www.debian.org/security/2005/dsa-764 http://www.securityfocus.com/bid/14027 http://securitytracker.com/id?1014252 http://secunia.com/advisories/15490 http://secunia.com/advisories/15931 https://exchange.xforce.ibmcloud.com/vulnerabilities/21120 https://nvd.nist.gov https://www.debian.org/security/./dsa-764

CVE-2005-1525

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect