CVE-2006-6799

6 documents, 6 sources
Severity
7.5 HIGH
EPSS
2.9%
top 13.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Dec 28
Latest update: May 1

Description

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: cacti < 0.8.6i-3+3

🔴Vulnerability Details

3
GHSA
GHSA-8f93-437m-m53h: SQL injection vulnerability in Cacti 0 (2022-05-01)
OSV
CVE-2006-6799: SQL injection vulnerability in Cacti 0 (2006-12-28)
CVEList
CVE-2006-6799: SQL injection vulnerability in Cacti 0 (2006-12-28)

📋Vendor Advisories

1
Debian
CVE-2006-6799: cacti - SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv... (2006)

💬Community

1
Bugzilla
CVE-2006-6799: Remote execution vulnerability in cacti. (2007-01-12)