CVE-2005-2148

5 documents5 sources

Severity

7.5HIGH

EPSS

4.1%

top 11.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Cacti Group Cacti

Timeline

PublishedJul 6

Latest updateMay 1

Description

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.…

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debiancacti< 0.8.6f-1+3

▶NVDthe_cacti_group/cacti15 versions+14

Patches

Patch: sourceforge.net ↗Patch: www.cacti.net ↗Patch: www.hardened-php.net ↗

🔴Vulnerability Details

GHSA

GHSA-cqpx-grv2-8p3h: Cacti 0↗2022-05-01

▶

CVEList

CVE-2005-2148: Cacti 0↗2005-07-06

▶

OSV

CVE-2005-2148: Cacti 0↗2005-07-06

▶

📋Vendor Advisories

Debian

CVE-2005-2148: cacti - Cacti 0.8.6e and earlier does not perform proper input validation to protect aga...↗2005

▶