CVE-2005-1524

Summary

CVE	CVE-2005-1524
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-06-22 04:00:00 UTC
Updated	2017-07-11 01:32:00 UTC
Description	PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	The Cacti Group	Cacti	0.5	All	All	All
Application	The Cacti Group	Cacti	0.6	All	All	All
Application	The Cacti Group	Cacti	0.6.1	All	All	All
Application	The Cacti Group	Cacti	0.6.2	All	All	All
Application	The Cacti Group	Cacti	0.6.3	All	All	All
Application	The Cacti Group	Cacti	0.6.4	All	All	All
Application	The Cacti Group	Cacti	0.6.5	All	All	All
Application	The Cacti Group	Cacti	0.6.6	All	All	All
Application	The Cacti Group	Cacti	0.6.7	All	All	All
Application	The Cacti Group	Cacti	0.6.8	All	All	All
Application	The Cacti Group	Cacti	0.6.8a	All	All	All
Application	The Cacti Group	Cacti	0.8	All	All	All
Application	The Cacti Group	Cacti	0.8.1	All	All	All
Application	The Cacti Group	Cacti	0.8.2	All	All	All
Application	The Cacti Group	Cacti	0.8.2a	All	All	All
Application	The Cacti Group	Cacti	0.8.3	All	All	All
Application	The Cacti Group	Cacti	0.8.3a	All	All	All
Application	The Cacti Group	Cacti	0.8.4	All	All	All
Application	The Cacti Group	Cacti	0.8.5a	All	All	All
Application	The Cacti Group	Cacti	All	All	All	All
Application	The Cacti Group	Cacti	0.5	All	All	All
Application	The Cacti Group	Cacti	0.6	All	All	All
Application	The Cacti Group	Cacti	0.6.1	All	All	All
Application	The Cacti Group	Cacti	0.6.2	All	All	All
Application	The Cacti Group	Cacti	0.6.3	All	All	All
Application	The Cacti Group	Cacti	0.6.4	All	All	All
Application	The Cacti Group	Cacti	0.6.5	All	All	All
Application	The Cacti Group	Cacti	0.6.6	All	All	All
Application	The Cacti Group	Cacti	0.6.7	All	All	All
Application	The Cacti Group	Cacti	0.6.8	All	All	All
Application	The Cacti Group	Cacti	0.6.8a	All	All	All
Application	The Cacti Group	Cacti	0.8	All	All	All
Application	The Cacti Group	Cacti	0.8.1	All	All	All
Application	The Cacti Group	Cacti	0.8.2	All	All	All
Application	The Cacti Group	Cacti	0.8.2a	All	All	All
Application	The Cacti Group	Cacti	0.8.3	All	All	All
Application	The Cacti Group	Cacti	0.8.3a	All	All	All
Application	The Cacti Group	Cacti	0.8.4	All	All	All
Application	The Cacti Group	Cacti	0.8.5a	All	All	All

References

Reference	Source	Link	Tags
Secunia - Advisories - Cacti Multiple Vulnerabilities	SECUNIA	secunia.com
Secunia - Advisories - Debian update for cacti	SECUNIA	secunia.com
17426	OSVDB	www.osvdb.org
CLSA-2005:978	CONECTIVA	distro.conectiva.com
Secunia - Advisories - Conectiva update for cacti	SECUNIA	secunia.com
Cacti: The Complete RRDTool-based Graphing Solution	CONFIRM	www.cacti.net	Patch, Vendor Advisory
SecurityTracker.com Archives - Cacti Input Validation Holes Let Remote Users Inject SQL Commands and Execute Arbitrary Commands	SECTRACK	securitytracker.com
Gentoo Linux Documentation -- Cacti: Several vulnerabilities	GENTOO	www.gentoo.org	Patch, Vendor Advisory
Debian -- Security Information -- DSA-764-1 cacti	DEBIAN	www.debian.org
Cyber Defense I Accenture	IDEFENSE	www.idefense.com	Patch, Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.