VDB
CVE-2008-0785
CVE-2008-0785
PUBLISHED
CVSS 7.5 HIGH
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
EPSS 2.09% · 84.3th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
2.09%
84.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cacti | cacti | 0.8.7a, 0.6.7, 0.8 |
| n/a | n/a | n/a |
Timeline
- Feb 14, 2008 CVE Published
- Jul 30, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- FEDORA-2008-1737 vendor-advisory
- 29242 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=432758 url
- 3657 third-party-advisory
- SUSE-SR:2008:005 vendor-advisory
- GLSA-200803-18 vendor-advisory
- 28872 third-party-advisory
- MDVSA-2008:052 vendor-advisory
- http://www.cacti.net/release_notes_0_8_7b.php url
- 30045 third-party-advisory
- 29274 third-party-advisory
- 20080212 cacti -- Multiple security vulnerabilities have been discovered mailing-list
- ADV-2008-0540 vdb
- 27749 vdb
- DSA-1569 vendor-advisory
- 28976 third-party-advisory
- FEDORA-2008-1699 vendor-advisory
- 1019414 vdb
- 20080212 Cacti 0.8.7a Multiple Vulnerabilities mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2008-0785 advisory