Описание
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-2149
- http://securitytracker.com/id?1014361
- http://sourceforge.net/mailarchive/forum.php?forum_id=10360&max_rows=25&style=flat&viewmonth=200507&viewday=1
- http://www.cacti.net/downloads/patches/0.8.6e/cacti-0.8.6f_security.patch
- http://www.debian.org/security/2005/dsa-764
- http://www.hardened-php.net/advisory-052005.php
- http://www.securityfocus.com/archive/1/404040
- http://www.securityfocus.com/bid/14130
- http://www.vupen.com/english/advisories/2005/0951
EPSS
CVE ID
Связанные уязвимости
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...
EPSS