← Back

CVE-2002-1479

nvd nist
Published: Apr 22, 2003Modified: Apr 16, 2026

JSON object

Loading...
4.6
Vector
AV:L/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 3.9 / Impact: 6.4
Source: NVD

Description

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.

Affected (10)

The Cacti Group
1 product
Cacti
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
The Cacti Group
Cacti
Version 0.5
Cacti
Version 0.6.1
Cacti
Version 0.6.2
Cacti
Version 0.6.3
Cacti
Version 0.6.4
Cacti
Version 0.6.5
Cacti
Version 0.6.6
Cacti
Version 0.6.7
Cacti
Version 0.6.8
Cacti
Version 0.6

References (8)

Source: cve@mitre.org
ExploitPatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
URL Repurposed
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
URL Repurposed
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.