config.php in Cacti 0.8.6e and previous versions allows remote malicious users to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
the cacti group cacti 0.8.2 |
||
the cacti group cacti 0.8.2a |
||
the cacti group cacti 0.8.6a |
||
the cacti group cacti 0.8.6b |
||
the cacti group cacti 0.8.4 |
||
the cacti group cacti 0.8.5 |
||
the cacti group cacti 0.8.6e |
||
the cacti group cacti 0.8.3 |
||
the cacti group cacti 0.8.3a |
||
the cacti group cacti 0.8.6c |
||
the cacti group cacti 0.8.6d |
||
the cacti group cacti 0.8 |
||
the cacti group cacti 0.8.1 |
||
the cacti group cacti 0.8.5a |
||
the cacti group cacti 0.8.6 |