Vulnerability Description
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cacti | Cacti | 1.2.25 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remo
- https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vpExploitVendor Advisory
- https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
- https://lists.fedoraproject.org/archives/list/[email protected]
- http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remo
- https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vpExploitVendor Advisory
- https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
- https://lists.fedoraproject.org/archives/list/[email protected]
FAQ
What is CVE-2023-49084?
CVE-2023-49084 is a vulnerability with a CVSS score of 8.0 (HIGH). Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the includ...
How severe is CVE-2023-49084?
CVE-2023-49084 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49084?
Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti.