Vulnerabilities > CVE-2006-6799 - Remote Command Execution vulnerability in Cacti CMD.PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
the-cacti-group
nessus
exploit available
NVD
Published: 2006-12-28
Updated: 2018-10-17

Summary

SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.

Vulnerable Configurations

Part Description Count
Application
The_Cacti_Group
1

Exploit-Db

idEDB-ID:3029

Nessus

  • NASL familyCGI abuses
    NASL idCACTI_CMD_PHP_CMD_EXEC.NASL
    descriptionThe remote host is running Cacti, a web-based, front end to RRDTool for network graphing. The version of Cacti on the remote host does not properly check to ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id23963
    published2007-01-02
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23963
    titleCacti cmd.php Multiple Parameter SQL Injection Arbitrary Command Execution
  • NASL familySuSE Local Security Checks
    NASL idSUSE_CACTI-2447.NASL
    descriptionA command injection in cmd.php in cacti was fixed, which might have allowed remote attackers to inject commands and so execute code. (CVE-2006-6799)
    last seen2020-06-01
    modified2020-06-02
    plugin id27169
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27169
    titleopenSUSE 10 Security Update : cacti (cacti-2447)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1250.NASL
    descriptionIt was discovered that cacti, a frontend to rrdtool, performs insufficient validation of data passed to the
    last seen2020-06-01
    modified2020-06-02
    plugin id24247
    published2007-01-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24247
    titleDebian DSA-1250-1 : cacti - missing input sanitising
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200701-23.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200701-23 (Cacti: Command execution and SQL injection) rgod discovered that the Cacti cmd.php and copy_cacti_user.php scripts do not properly control access to the command shell, and are remotely accessible by unauthenticated users. This allows SQL injection via cmd.php and copy_cacti_user.php URLs. Further, the results from the injected SQL query are not properly sanitized before being passed to a command shell. The vulnerabilities require that the
    last seen2020-06-01
    modified2020-06-02
    plugin id24308
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24308
    titleGLSA-200701-23 : Cacti: Command execution and SQL injection
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2007_007.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2007:007 (cacti). A command injection in cmd.php in cacti was fixed, which might have allowed remote attackers to inject commands and so execute code. This issue is tracked by the Mitre CVE ID CVE-2006-6799.
    last seen2019-10-28
    modified2007-02-18
    plugin id24461
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24461
    titleSUSE-SA:2007:007: cacti

References