Remote Code Execution and Privilege Escalation in Cacti 0.8.6e and earlier
CVE-2005-2149 · HIGH Severity
AV:N/AC:L/AU:N/C:C/I:C/A:C
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.