Remote Code Execution and Privilege Escalation in Cacti 0.8.6e and earlier

Remote Code Execution and Privilege Escalation in Cacti 0.8.6e and earlier

CVE-2005-2149 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.