
Hex0Wn

#19200 of 53,634
13.9 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2017-14508
9.0
2017-11-08
Cacti · Cacti · CVE-2017-16660
**Name of the Vulnerable Software and Affected Versions**

Cacti version 1.1.27

**Description**

The issue allows remote authenticated administrators to execute arbitrary code. This is achieved by setting the Log Path to a location under the web root and then making a request to the `remote_agent.php` endpoint with code placed in the `Client-ip` header, which is written into the log file.

**Recommendations**

For Cacti version 1.1.27, consider restricting access to the `remote_agent.php` endpoint until a patch is available. Additionally, ensure the Log Path is not under the web root to prevent exploitation.
PT-2017-14509
4.9
2017-11-08
Cacti · Cacti · CVE-2017-16661
**Name of the Vulnerable Software and Affected Versions**

Cacti version 1.1.27

**Description**

The issue allows remote authenticated administrators to read arbitrary files. This can be achieved by modifying the Log Path to point to a private directory and then making a request to `clog.php?filename=` with the desired file, for example `filename=passwd` to read `/etc/passwd`.

**Recommendations**

For Cacti version 1.1.27, restrict access to `clog.php` and limit the ability to modify the Log Path to prevent unauthorized file reading. As a temporary workaround, consider restricting the `filename` parameter accepted by `clog.php` to minimize the risk of exploitation.