Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1737

7 documents7 sources

Severity

7.5HIGH

EPSS

3.2%

top 12.99%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gentoo Linux THE Cacti Group Cacti

Timeline

PublishedAug 16

Latest updateApr 29

Description

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Debiancacti< 0.8.5a-5+3

▶NVDthe_cacti_group/cacti19 versions+18

▶NVDgentoo/linux1.4

Patches

Patch: secunia.com ↗Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-v3h5-fhg8-jp65: SQL injection vulnerability in auth_login↗2022-04-29

▶

CVEList

CVE-2004-1737: SQL injection vulnerability in auth_login↗2005-02-26

▶

OSV

CVE-2004-1737: SQL injection vulnerability in auth_login↗2004-08-16

▶

💥Exploits & PoCs

Exploit-DB

RaXnet Cacti 0.6.x/0.8.x - 'Auth_Login.php' SQL Injection↗2004-07-16

▶

📋Vendor Advisories

Debian

CVE-2004-1737: cacti - SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote atta...↗2004

▶

💬Community

Bugzilla

CVE-2004-0492 httpd mod_proxy buffer overflow↗2008-01-28

▶