What is CVE-2005-10004?

CVE-2005-10004 is a vulnerability in Raxnet/ian Berry Cacti, classified under OS Command Injection. Published 2025-08-30.

Is CVE-2005-10004 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Raxnet/ian Berry Cacti

CVE-2005-10004

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.580 (98.2th percentile) — read the EPSS interpretation.

Affected products

Raxnet/ian Berry Cacti — versions 0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/9911 (exploit)
www.exploit-db.com/exploits/16881 (exploit)
www.cacti.net/info/downloads (product)
web.archive.org/web/20050305034552/http://www.cacti.net/cactid_download.php (product, patch)
www.vulncheck.com/advisories/cacti-graph-view-rce (third-party-advisory)

Frequently asked questions

What is CVE-2005-10004?: CVE-2005-10004 is a vulnerability in Raxnet/ian Berry Cacti, classified under OS Command Injection. Published 2025-08-30.
Is CVE-2005-10004 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.