Moole Vulnerability Database

Find real vulnerabilities before they ship

Unknown

CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

PublishedAug 16, 2004, 04:00

Published Bycve@mitre.org

Affected Versions

No affected versions found.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025376.html
http://marc.info/?l=bugtraq&m=109272483621038&w=2
http://secunia.com/advisories/12308
http://www.gentoo.org/security/en/glsa/glsa-200408-21.xml
http://www.securityfocus.com/bid/10960
https://exchange.xforce.ibmcloud.com/vulnerabilities/17011

Weakness Type

NVD-CWE-Other

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base SeverityUnknown

Version

2.0

Attack Vector (AV)