Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1526

6 documents, 6 sources
Severity: 7.5 HIGH
EPSS: 8.7% (top 7.53%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jun 22
Latest update: May 1

Description

PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: cacti < 0.8.6e-1+3
NVD: the_cacti_group/cacti 0.8.6d+19

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-jm3f-754c-hx48: PHP remote file inclusion vulnerability in config_settings (2022-05-01)
CVEList: CVE-2005-1526: PHP remote file inclusion vulnerability in config_settings (2005-06-22)
OSV: CVE-2005-1526: PHP remote file inclusion vulnerability in config_settings (2005-06-22)

💥 Exploits & PoCs (1)

Exploit-DB: RaXnet Cacti 0.5/0.6/0.8 - 'Config_Settings.php' Remote File Inclusion (2005-06-20)

📋 Vendor Advisories (1)

Debian: CVE-2005-1526: cacti - PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0... (2005)
CVE-2005-1526 (HIGH CVSS 7.5) | PHP remote file inclusion vulnerabi | cvebase.io