{"url":"http://public2.vulnerablecode.io/api/packages/583328?format=json","purl":"pkg:deb/debian/cacti@0.8.5a-5?distro=trixie","type":"deb","namespace":"debian","name":"cacti","version":"0.8.5a-5","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.8.6d-1","latest_non_vulnerable_version":"1.2.30+ds1-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57271?format=json","vulnerability_id":"VCID-cpkb-6zw3-rffv","summary":"With special configurations of Cacti it is possible to change passwords via\n    a SQL injection attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1737","reference_id":"","reference_type":"","scores":[{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.86954","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.86965","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.86984","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.86976","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.86996","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.87004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.87017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.87012","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03203","scoring_system":"epss","scoring_elements":"0.87006","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1737"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24375.txt","reference_id":"CVE-2004-1737;OSVDB-8989","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24375.txt"},{"reference_url":"https://www.securityfocus.com/bid/10960/info","reference_id":"CVE-2004-1737;OSVDB-8989","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/10960/info"},{"reference_url":"https://security.gentoo.org/glsa/200408-21","reference_id":"GLSA-200408-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200408-21"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583328?format=json","purl":"pkg:deb/debian/cacti@0.8.5a-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0.8.5a-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"}],"aliases":["CVE-2004-1737"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpkb-6zw3-rffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91262?format=json","vulnerability_id":"VCID-pf3g-22dc-5yc5","summary":"Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1736","reference_id":"","reference_type":"","scores":[{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64843","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64894","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64921","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64884","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64934","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64949","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64966","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64956","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00477","scoring_system":"epss","scoring_elements":"0.64929","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-1736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583328?format=json","purl":"pkg:deb/debian/cacti@0.8.5a-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0.8.5a-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"}],"aliases":["CVE-2004-1736"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pf3g-22dc-5yc5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0.8.5a-5%3Fdistro=trixie"}