2255601 – (CVE-2023-49084) CVE-2023-49084 cacti: RCE when managing links

Bug 2255601 (CVE-2023-49084) - CVE-2023-49084 cacti: RCE when managing links

Summary: CVE-2023-49084 cacti: RCE when managing links

Keywords:
Status:	NEW
Alias:	CVE-2023-49084
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2255602 2255603
Blocks:
TreeView+	depends on / blocked

Reported:	2023-12-22 11:15 UTC by TEJ RATHI
Modified:	2023-12-22 11:15 UTC (History)
CC List:	0 users
Fixed In Version:	cacti 1.2.26
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-12-22 11:15:23 UTC

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

Comment 1 TEJ RATHI 2023-12-22 11:15:46 UTC

Created cacti tracking bugs for this issue:

Affects: epel-all [bug 2255603]
Affects: fedora-all [bug 2255602]

Note You need to log in before you can comment on or make changes to this bug.