CVE-2008-0784

Published: Feb 14, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.

Affected (16)

Products: Cacti: Cacti

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Cacti Cacti	Version 0.6.7
Cacti Cacti	Version 0.8.1
Cacti Cacti	Version 0.8.2
Cacti Cacti	Version 0.8.2a
Cacti Cacti	Version 0.8.3
Cacti Cacti	Version 0.8.3a
Cacti Cacti	Version 0.8.4
Cacti Cacti	Version 0.8.5
Cacti Cacti	Version 0.8.5a
Cacti Cacti	Version 0.8.6c
Cacti Cacti	Version 0.8.6f
Cacti Cacti	Version 0.8.6i
Cacti Cacti	Version 0.8.6j
Cacti Cacti	Version 0.8.7
Cacti Cacti	Version 0.8.7a
Cacti Cacti	Version 0.8

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (34)

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/28872

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/28976

Source: cve@mitre.org

http://secunia.com/advisories/29242

Source: cve@mitre.org

http://secunia.com/advisories/29274

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200803-18.xml

Source: cve@mitre.org

http://securityreason.com/securityalert/3657

Source: cve@mitre.org

http://www.cacti.net/release_notes_0_8_7b.php

Source: cve@mitre.org

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2008:052

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/488013/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/488018/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/27749

Source: cve@mitre.org

ExploitPatch

http://www.securitytracker.com/id?1019414

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/0540

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=432758

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28872

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/28976

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29242

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29274

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200803-18.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/3657

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.cacti.net/release_notes_0_8_7b.php

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.mandriva.com/security/advisories?name=MDVSA-2008:052

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/488013/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/488018/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/27749

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://www.securitytracker.com/id?1019414

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0540

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=432758

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.