{"id":"CVE-2004-1737","details":"SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.","modified":"2026-04-10T03:36:38.886465Z","published":"2004-08-16T04:00:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/12308"},{"type":"ADVISORY","url":"http://www.gentoo.org/security/en/glsa/glsa-200408-21.xml"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/10960"},{"type":"EVIDENCE","url":"http://secunia.com/advisories/12308"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/10960"},{"type":"FIX","url":"http://secunia.com/advisories/12308"},{"type":"FIX","url":"http://www.gentoo.org/security/en/glsa/glsa-200408-21.xml"},{"type":"FIX","url":"http://www.securityfocus.com/bid/10960"},{"type":"WEB","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025376.html"},{"type":"WEB","url":"http://marc.info/?l=bugtraq&m=109272483621038&w=2"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/17011"}],"schema_version":"1.7.5"}