CVE-2005-1525

Summary

CVE	CVE-2005-1525
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-06-22 04:00:00 UTC
Updated	2017-07-11 01:32:00 UTC
Description	SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	The Cacti Group	Cacti	0.5	All	All	All
Application	The Cacti Group	Cacti	0.6	All	All	All
Application	The Cacti Group	Cacti	0.6.1	All	All	All
Application	The Cacti Group	Cacti	0.6.2	All	All	All
Application	The Cacti Group	Cacti	0.6.3	All	All	All
Application	The Cacti Group	Cacti	0.6.4	All	All	All
Application	The Cacti Group	Cacti	0.6.5	All	All	All
Application	The Cacti Group	Cacti	0.6.6	All	All	All
Application	The Cacti Group	Cacti	0.6.7	All	All	All
Application	The Cacti Group	Cacti	0.6.8	All	All	All
Application	The Cacti Group	Cacti	0.6.8a	All	All	All
Application	The Cacti Group	Cacti	0.8	All	All	All
Application	The Cacti Group	Cacti	0.8.1	All	All	All
Application	The Cacti Group	Cacti	0.8.2	All	All	All
Application	The Cacti Group	Cacti	0.8.2a	All	All	All
Application	The Cacti Group	Cacti	0.8.3	All	All	All
Application	The Cacti Group	Cacti	0.8.3a	All	All	All
Application	The Cacti Group	Cacti	0.8.4	All	All	All
Application	The Cacti Group	Cacti	0.8.5a	All	All	All
Application	The Cacti Group	Cacti	All	All	All	All
Application	The Cacti Group	Cacti	0.5	All	All	All
Application	The Cacti Group	Cacti	0.6	All	All	All
Application	The Cacti Group	Cacti	0.6.1	All	All	All
Application	The Cacti Group	Cacti	0.6.2	All	All	All
Application	The Cacti Group	Cacti	0.6.3	All	All	All
Application	The Cacti Group	Cacti	0.6.4	All	All	All
Application	The Cacti Group	Cacti	0.6.5	All	All	All
Application	The Cacti Group	Cacti	0.6.6	All	All	All
Application	The Cacti Group	Cacti	0.6.7	All	All	All
Application	The Cacti Group	Cacti	0.6.8	All	All	All
Application	The Cacti Group	Cacti	0.6.8a	All	All	All
Application	The Cacti Group	Cacti	0.8	All	All	All
Application	The Cacti Group	Cacti	0.8.1	All	All	All
Application	The Cacti Group	Cacti	0.8.2	All	All	All
Application	The Cacti Group	Cacti	0.8.2a	All	All	All
Application	The Cacti Group	Cacti	0.8.3	All	All	All
Application	The Cacti Group	Cacti	0.8.3a	All	All	All
Application	The Cacti Group	Cacti	0.8.4	All	All	All
Application	The Cacti Group	Cacti	0.8.5a	All	All	All

References

Reference	Source	Link	Tags
Cyber Defense I Accenture	IDEFENSE	www.idefense.com	Patch, Vendor Advisory
17424	OSVDB	www.osvdb.org
Secunia - Advisories - Cacti Multiple Vulnerabilities	SECUNIA	secunia.com
CLSA-2005:978	CONECTIVA	distro.conectiva.com
Secunia - Advisories - Conectiva update for cacti	SECUNIA	secunia.com
Cacti: The Complete RRDTool-based Graphing Solution	CONFIRM	www.cacti.net	Patch, Vendor Advisory
SecurityTracker.com Archives - Cacti Input Validation Holes Let Remote Users Inject SQL Commands and Execute Arbitrary Commands	SECTRACK	securitytracker.com
Gentoo Linux Documentation -- Cacti: Several vulnerabilities	GENTOO	www.gentoo.org	Patch, Vendor Advisory
Debian -- Security Information -- DSA-764-1 cacti	DEBIAN	www.debian.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
RaXnet Cacti Multiple SQL Injection Vulnerabilities	BID	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.