Vulnerabilities > CVE-2004-1737 - SQL Injection vulnerability in RaXnet Cacti Auth_Login.PHP
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
Vulnerable Configurations
Exploit-Db
description | RaXnet Cacti 0.6.x/0.8.x Auth_Login.PHP SQL Injection Vulnerability. CVE-2004-1737. Webapps exploit for php platform |
id | EDB-ID:24375 |
last seen | 2016-02-02 |
modified | 2004-07-16 |
published | 2004-07-16 |
reporter | Fernando Quintero |
source | https://www.exploit-db.com/download/24375/ |
title | RaXnet Cacti 0.6.x/0.8.x - Auth_Login.PHP SQL Injection Vulnerability |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200408-21.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200408-21 (Cacti: SQL injection vulnerability) Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact : An attacker could compromise the Cacti service and potentially execute programs with the permissions of the user running Cacti. Only systems with php_flag magic_quotes_gpc set to Off are vulnerable. By default, Gentoo Linux installs PHP with this option set to On. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Cacti. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14577 |
published | 2004-08-30 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/14577 |
title | GLSA-200408-21 : Cacti: SQL injection vulnerability |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025376.html
- http://marc.info/?l=bugtraq&m=109272483621038&w=2
- http://secunia.com/advisories/12308
- http://www.gentoo.org/security/en/glsa/glsa-200408-21.xml
- http://www.securityfocus.com/bid/10960
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17011