CVE-2005-10004

High CVSS: 8.7

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.

Vendor

Cacti

Product

Cacti

CWE

CWE-78

Yayın Tarihi

2025-08-30 14:15:32

Güncelleme

2025-12-26 16:42:27

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Cacti HIGH Cacti 2025

Referanslar

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/cacti_graphimage_exec.rb https://web.archive.org/web/20050305034552/http://www.cacti.net/cactid_download.php https://www.cacti.net/info/downloads https://www.exploit-db.com/exploits/16881 https://www.exploit-db.com/exploits/9911 https://www.vulncheck.com/advisories/cacti-graph-view-rce

Benzer Kayıtlar

High

CVE-2025-66399

Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw i…

High

CVE-2025-26520

Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template paramete…

High

CVE-2025-24367

Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation…

Medium

CVE-2025-24368

Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php…

Critical

CVE-2025-22604

Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, auth…

Medium

CVE-2024-54145

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_d…