CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2005-2149

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile35.92th
Published2005年7月6日
Last Modified2026年4月16日

Vulnerability Description

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.

Affected Platforms (CPE)

📦
The Cacti Group

Cacti

= 0.8
📦
The Cacti Group

Cacti

= 0.8.1
📦
The Cacti Group

Cacti

= 0.8.2
📦
The Cacti Group

Cacti

= 0.8.2a
📦
The Cacti Group

Cacti

= 0.8.3
📦
The Cacti Group

Cacti

= 0.8.3a
📦
The Cacti Group

Cacti

= 0.8.4
📦
The Cacti Group

Cacti

= 0.8.5
📦
The Cacti Group

Cacti

= 0.8.5a
📦
The Cacti Group

Cacti

= 0.8.6
📦
The Cacti Group

Cacti

= 0.8.6a
📦
The Cacti Group

Cacti

= 0.8.6b
📦
The Cacti Group

Cacti

= 0.8.6c
📦
The Cacti Group

Cacti

= 0.8.6d
📦
The Cacti Group

Cacti

= 0.8.6e

References & Advisories

🔗 http://securitytracker.com/id?1014361
🔗 http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1
🔗 http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch
🔗 http://www.debian.org/security/2005/dsa-764
🔗 http://www.hardened-php.net/advisory-052005.php
🔗 http://www.securityfocus.com/archive/1/404040
🔗 http://www.securityfocus.com/bid/14130
🔗 http://www.vupen.com/english/advisories/2005/0951

相關漏洞威脅

CVE-2002-147810.0

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

CVE-2021-406439.8

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location ...

CVE-2017-120659.8

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outl...

CVE-2009-41129.0

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for th...