Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.
References
Configurations
History
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Mar 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 18:48
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451 - Exploit, Vendor Advisory | |
References | () https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855 - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* |
22 Dec 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-22 17:15
Updated : 2024-06-10 17:16
NVD link : CVE-2023-49085
Mitre link : CVE-2023-49085
CVE.ORG link : CVE-2023-49085
JSON object : View
Products Affected
cacti
- cacti
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')