Vulnerabilities > CVE-2004-1737 - SQL Injection vulnerability in RaXnet Cacti Auth_Login.PHP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

the-cacti-group

gentoo

nessus

exploit available

NVD

Published: 2004-08-16

Updated: 2017-07-11

Summary

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

Vulnerable Configurations

Part	Description	Count
Application	The_Cacti_Group THE Cacti Group Cacti 0.6 THE Cacti Group Cacti 0.6.1 THE Cacti Group Cacti 0.6.2 THE Cacti Group Cacti 0.6.3 THE Cacti Group Cacti 0.6.4 THE Cacti Group Cacti 0.6.5 THE Cacti Group Cacti 0.6.6 THE Cacti Group Cacti 0.6.7 THE Cacti Group Cacti 0.6.8 THE Cacti Group Cacti 0.6.8A THE Cacti Group Cacti 0.8 THE Cacti Group Cacti 0.8.1 THE Cacti Group Cacti 0.8.2 THE Cacti Group Cacti 0.8.2A THE Cacti Group Cacti 0.8.3 THE Cacti Group Cacti 0.8.3A THE Cacti Group Cacti 0.8.4 THE Cacti Group Cacti 0.8.5 THE Cacti Group Cacti 0.8.5A	19
OS	Gentoo Gentoo Linux 1.4	1

Exploit-Db

description	RaXnet Cacti 0.6.x/0.8.x Auth_Login.PHP SQL Injection Vulnerability. CVE-2004-1737. Webapps exploit for php platform
id	EDB-ID:24375
last seen	2016-02-02
modified	2004-07-16
published	2004-07-16
reporter	Fernando Quintero
source	https://www.exploit-db.com/download/24375/
title	RaXnet Cacti 0.6.x/0.8.x - Auth_Login.PHP SQL Injection Vulnerability

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200408-21.NASL
description	The remote host is affected by the vulnerability described in GLSA-200408-21 (Cacti: SQL injection vulnerability) Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact : An attacker could compromise the Cacti service and potentially execute programs with the permissions of the user running Cacti. Only systems with php_flag magic_quotes_gpc set to Off are vulnerable. By default, Gentoo Linux installs PHP with this option set to On. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Cacti.
last seen	2020-06-01
modified	2020-06-02
plugin id	14577
published	2004-08-30
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/14577
title	GLSA-200408-21 : Cacti: SQL injection vulnerability

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References