Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1524

7 documents, 6 sources
Severity: 5.0 MEDIUM
EPSS: 12.1% (top 6.21%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Affected products
Timeline
Published: Jun 22
Latest update: May 1

Description

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: cacti < 0.8.6e-1+3
NVD: the_cacti_group/cacti 0.8.6d+19

Patches

🔴 Vulnerability Details (3)

GHSA (2022-05-01): GHSA-x9gq-h28h-fhwf: PHP file inclusion vulnerability in top_graph_header
OSV (2005-06-22): CVE-2005-1524: PHP file inclusion vulnerability in top_graph_header
CVEList (2005-06-22): CVE-2005-1524: PHP file inclusion vulnerability in top_graph_header

💥 Exploits & PoCs (2)

Exploit-DB (2005-07-01): RaXnet Cacti 0.5/0.6.x/0.8.x - 'Graph_Image.php' Remote Command Execution Variant
Exploit-DB (2005-06-20): RaXnet Cacti 0.5/0.6/0.8 - 'Top_Graph_Header.php' Remote File Inclusion

📋 Vendor Advisories (1)

Debian (2005): CVE-2005-1524: cacti - PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and pos...
CVE-2005-1524 (MEDIUM CVSS 5) | PHP file inclusion vulnerability in | cvebase.io