Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0785

Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.

Published

2008-02-14T23:00:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-89
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cacti cacti 0.6.7 Yes
Application cacti cacti 0.8 Yes
Application cacti cacti 0.8.1 Yes
Application cacti cacti 0.8.2 Yes
Application cacti cacti 0.8.2a Yes
Application cacti cacti 0.8.3 Yes
Application cacti cacti 0.8.3a Yes
Application cacti cacti 0.8.4 Yes
Application cacti cacti 0.8.5 Yes
Application cacti cacti 0.8.5a Yes
Application cacti cacti 0.8.6c Yes
Application cacti cacti 0.8.6f Yes
Application cacti cacti 0.8.6i Yes
Application cacti cacti 0.8.6j Yes
Application cacti cacti 0.8.7 Yes
Application cacti cacti 0.8.7a Yes
References