Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
References
Link | Resource |
---|---|
https://github.com/Cacti/cacti/issues/1066 | Exploit Issue Tracking Patch |
Configurations
Information
Published : 2017-11-07 21:29
Updated : 2019-10-02 17:03
NVD link : CVE-2017-16660
Mitre link : CVE-2017-16660
JSON object : View
CWE
CWE-668
Exposure of Resource to Wrong Sphere
Products Affected
cacti
- cacti