CVE-2008-0784 — Sensitive Information Exposure in Cacti

CWE-200 — Sensitive Information Exposure6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.6%

top 18.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedFeb 14

Latest updateMay 1

Description

graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.7b-1 (bookworm)

▶Debiancacti/cacti< 0.8.7b-1+3

▶NVDcacti/cacti16 versions+15

Patches

Patch: www.cacti.net ↗Patch: www.securityfocus.com ↗Patch: www.cacti.net ↗

🔴Vulnerability Details

GHSA

GHSA-q255-j47v-gc2r: graph↗2022-05-01

▶

OSV

CVE-2008-0784: graph↗2008-02-14

▶

📋Vendor Advisories

Debian

CVE-2008-0784: cacti - graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote att...↗2008

▶

Red Hat

cacti: multiple input saintization issues (CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786)↗

▶

💬Community

Bugzilla

cacti: multiple input saintization issues (CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786)↗2008-02-14

▶