Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0785: SQL Injection in Cacti

CWE-89: SQL Injection | 15 documents | 8 sources
Severity
7.5 HIGH (NVD)
EPSS
2.1%
top 15.97%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Feb 14
Latest update: May 1

Description

Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

debian: debian/cacti < cacti 0.8.7b-1 (bookworm)
Debian: cacti/cacti < 0.8.7b-1 (+3)
NVD: cacti/cacti, 16 versions (+15)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-5mjg-w552-cfpq: Multiple SQL injection vulnerabilities in Cacti 0 (2022-05-01)
OSV
CVE-2008-0785: Multiple SQL injection vulnerabilities in Cacti 0 (2008-02-14)

💥 Exploits & PoCs (4)

Exploit-DB
Cacti 0.8.7 - '/index.php/sql.php?Login Action login_username' SQL Injection (2008-02-12)
Exploit-DB
Cacti 0.8.7 - 'tree.php' Multiple SQL Injections (2008-02-12)
Exploit-DB
Cacti 0.8.7 - 'graph_view.php?graph_list' SQL Injection (2008-02-12)
Exploit-DB
Cacti 0.8.7 - 'graph_xport.php?local_graph_id' SQL Injection (2008-02-12)

🔍 Detection Rules (5)

Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id DELETE (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id INSERT (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id SELECT (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UPDATE (2010-07-30)
Suricata
ET WEB_SPECIFIC_APPS Cacti SQL Injection Vulnerability tree.php leaf_id UNION SELECT (2010-07-30)

📋 Vendor Advisories (2)

Debian
CVE-2008-0785: cacti - Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 be... (2008)
Red Hat
cacti: multiple input saintization issues (CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786)

💬 Community (1)

Bugzilla
cacti: multiple input saintization issues (CVE-2008-0783, CVE-2008-0784, CVE-2008-0785, CVE-2008-0786) (2008-02-14)