CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
References
Link Resource
https://github.com/Cacti/cacti/issues/1066 Exploit Issue Tracking Patch
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*

Information

Published : 2017-11-07 21:29

Updated : 2019-10-02 17:03


NVD link : CVE-2017-16660

Mitre link : CVE-2017-16660


JSON object : View

CWE
CWE-668

Exposure of Resource to Wrong Sphere

Advertisement

dedicated server usa

Products Affected

cacti

  • cacti