Vulnerability Details : CVE-2005-2148
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks. This allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie and then specifying the attack string in the URL: the get_request_var function returns the wrong value from the $_REQUEST array, which is cleansed, while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.
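The pattern behind this description, shown as an added vulnerable-versus-hardened PHP illustration that is not Cacti's code: the helper bodies, the parameter name `rra_id`, the table name and the query are assumptions chosen only to make the mechanism visible.

```php
<?php
// Added illustration of the flaw class described by CVE-2005-2148. This is NOT
// Cacti's code: the function bodies, the parameter name 'rra_id' and the table
// are assumptions chosen to show the pattern.

// Vulnerable pattern: the helper cleanses only the merged $_REQUEST copy and
// returns it, while code elsewhere keeps reading the raw $_GET entry.
function get_request_var_vulnerable(string $name)
{
    if (!isset($_REQUEST[$name])) {
        return null;
    }
    $_REQUEST[$name] = addslashes($_REQUEST[$name]); // $_GET[$name] is untouched
    return $_REQUEST[$name];
}

// Depending on variables_order/request_order, a POST field or cookie of the same
// name overrides the query-string value inside $_REQUEST, so the cleansed copy
// and $_GET['rra_id'] can hold different values for the same request.
function build_query_vulnerable(): string
{
    get_request_var_vulnerable('rra_id');                      // cleanses the wrong copy
    return "SELECT id FROM rra WHERE id = " . $_GET['rra_id']; // raw value reaches SQL
}

// Hardened pattern: read ONE explicit source, validate against the expected
// shape, and only ever use the validated return value afterwards.
function get_request_var_hardened(string $name, string $pattern = '/^[0-9]+$/'): ?string
{
    if (!isset($_GET[$name])) {
        return null;
    }
    $value = $_GET[$name];
    if (!is_string($value) || !preg_match($pattern, $value)) {
        http_response_code(400);                 // reject, do not "cleanse"
        exit('invalid parameter: ' . $name);
    }
    return $value;
}

function build_query_hardened(PDO $db): PDOStatement
{
    $id = get_request_var_hardened('rra_id');
    $stmt = $db->prepare('SELECT id FROM rra WHERE id = :id'); // parameterised
    $stmt->execute([':id' => $id]);
    return $stmt;
}
```

A review check for this class of bug is to grep the code base for direct reads of `$_GET`, `$_POST`, `$_COOKIE` and `$_REQUEST` outside the validation helper; any such read after the helper has run is a candidate for exactly this mismatch.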
Products affected by CVE-2005-2148
- cpe:2.3:a:the_cacti_group:cacti:0.8.5a:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.2a:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.3a:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.6a:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.6e:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.6b:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.6c:*:*:*:*:*:*:*
- cpe:2.3:a:the_cacti_group:cacti:0.8.6d:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2148
- EPSS score: 2.95% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2005-2148
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2005-2148
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21266 (Cacti graph.php post cookie SQL injection; Vulnerability Report)
- http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch (Patch)
- http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1 (Patch)
- http://www.hardened-php.net/advisory-032005.php (Hardened PHP advisory; Patch, Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21270 (Cacti $_REQUEST array command execution; Vulnerability Report)
- http://www.securityfocus.com/archive/1/404054
- http://www.debian.org/security/2005/dsa-764 ([SECURITY] [DSA 764-1] New cacti packages fix several vulnerabilities)
- http://www.hardened-php.net/advisory-042005.php (Hardened PHP advisory; Patch)
- http://www.securityfocus.com/bid/14129
- http://securitytracker.com/id?1014361
- http://www.securityfocus.com/archive/1/404047/30/30/threaded
- http://www.securityfocus.com/bid/14128
- http://www.vupen.com/english/advisories/2005/0951