config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2005-07-06T04:00:00
Updated: 2006-09-07T09:00:00
Reserved: 2005-07-06T00:00:00
Link: CVE-2005-2149
JSON object: View
NVD Information
Status : Modified
Published: 2005-07-06T04:00:00.000
Modified: 2011-03-08T02:23:29.720
Link: CVE-2005-2149
JSON object: View
Redhat Information
No data.
CWE