CVE-2016-2313

Published: 13/04/2016 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

auth_login.php in Cacti prior to 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

Vulnerable Product

cacti cacti

opensuse leap 42.1

opensuse opensuse 13.1

opensuse opensuse 13.2

Vendor Advisories

Debian Bug report logs - #814353 cacti: CVE-2016-2313: Authentication using web authentication as a user not in the cacti database allows complete access Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Dat ...
Debian Bug report logs - #820521 cacti: CVE-2016-3659: SQL injection vulnerability in graph_view.php Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 9 Apr 2016 12:00:01 UTC Severity: important ...
Debian Bug report logs - #818647 cacti: CVE-2016-3172 Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 19 Mar 2016 06:21:01 UTC Severity: important Tags: patch, security, upstream Found in vers ...
Debian Bug report logs - #833420 cacti: Incomplete fix for CVE-2016-2313 Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 4 Aug 2016 06:27:02 UTC Severity: important Tags: fixed-upstream, upstr ...