Bug 2255601 (CVE-2023-49084) - CVE-2023-49084 cacti: RCE when managing links
Summary: CVE-2023-49084 cacti: RCE when managing links
Keywords:
Status: NEW
Alias: CVE-2023-49084
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2255602 2255603
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-12-22 11:15 UTC by TEJ RATHI
Modified: 2023-12-22 11:15 UTC (History)
0 users

Fixed In Version: cacti 1.2.26
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description TEJ RATHI 2023-12-22 11:15:23 UTC
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

Comment 1 TEJ RATHI 2023-12-22 11:15:46 UTC
Created cacti tracking bugs for this issue:

Affects: epel-all [bug 2255603]
Affects: fedora-all [bug 2255602]


Note You need to log in before you can comment on or make changes to this bug.