CVE-2004-1737 : SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands

SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

Published 2004-08-16 04:00:00

Updated 2017-07-11 01:31:19

Source MITRE

View at NVD, CVE.org

Vulnerability category: Sql Injection

Exploit prediction scoring system (EPSS) score for CVE-2004-1737

Probability of exploitation activity in the next 30 days: 0.28%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1737

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2004-1737

http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025376.html

CVEs referencing this url
http://marc.info/?l=bugtraq&m=109272483621038&w=2

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200408-21.xml

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17011
http://www.securityfocus.com/bid/10960

Exploit;Patch;Vendor Advisory

Products affected by CVE-2004-1737

Gentoo » Linux » Version: 1.4
cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.1
cpe:2.3:a:the_cacti_group:cacti:0.6.1:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.6
cpe:2.3:a:the_cacti_group:cacti:0.6.6:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.8
cpe:2.3:a:the_cacti_group:cacti:0.6.8:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.2
cpe:2.3:a:the_cacti_group:cacti:0.6.2:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.3
cpe:2.3:a:the_cacti_group:cacti:0.6.3:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.4
cpe:2.3:a:the_cacti_group:cacti:0.6.4:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.5
cpe:2.3:a:the_cacti_group:cacti:0.6.5:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6
cpe:2.3:a:the_cacti_group:cacti:0.6:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.7
cpe:2.3:a:the_cacti_group:cacti:0.6.7:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.5a
cpe:2.3:a:the_cacti_group:cacti:0.8.5a:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.2a
cpe:2.3:a:the_cacti_group:cacti:0.8.2a:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.3
cpe:2.3:a:the_cacti_group:cacti:0.8.3:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.1
cpe:2.3:a:the_cacti_group:cacti:0.8.1:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.2
cpe:2.3:a:the_cacti_group:cacti:0.8.2:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.6.8a
cpe:2.3:a:the_cacti_group:cacti:0.6.8a:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8
cpe:2.3:a:the_cacti_group:cacti:0.8:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.5
cpe:2.3:a:the_cacti_group:cacti:0.8.5:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.3a
cpe:2.3:a:the_cacti_group:cacti:0.8.3a:*:*:*:*:*:*:*
Matching versions
The Cacti Group » Cacti » Version: 0.8.4
cpe:2.3:a:the_cacti_group:cacti:0.8.4:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2004-1737

Exploit prediction scoring system (EPSS) score for CVE-2004-1737

CVSS scores for CVE-2004-1737

References for CVE-2004-1737

Products affected by CVE-2004-1737