CVE-2004-1737

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

Published: Aug 16, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1737
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
the_cacti_group / cacti	0.8.5	0.8.5.x
the_cacti_group / cacti	0.6.7	0.6.7.x
the_cacti_group / cacti	0.8.2a	0.8.2a.x
the_cacti_group / cacti	0.6.4	0.6.4.x
the_cacti_group / cacti	0.6.1	0.6.1.x
the_cacti_group / cacti	0.6	0.6.x
the_cacti_group / cacti	0.8.3a	0.8.3a.x
the_cacti_group / cacti	0.8	0.8.x
the_cacti_group / cacti	0.6.6	0.6.6.x
the_cacti_group / cacti	0.6.5	0.6.5.x
the_cacti_group / cacti	0.8.5a	0.8.5a.x
the_cacti_group / cacti	0.8.4	0.8.4.x
the_cacti_group / cacti	0.8.3	0.8.3.x
the_cacti_group / cacti	0.8.1	0.8.1.x
the_cacti_group / cacti	0.8.2	0.8.2.x
the_cacti_group / cacti	0.6.3	0.6.3.x
the_cacti_group / cacti	0.6.8	0.6.8.x
the_cacti_group / cacti	0.6.8a	0.6.8a.x
the_cacti_group / cacti	0.6.2	0.6.2.x
gentoo / linux	1.4	1.4.x

Vulnerability Database

289,599

CVE-2004-1737