CVE-2017-16661

Name of the Vulnerable Software and Affected Versions Cacti version 1.1.27

Description The issue allows remote authenticated administrators to read arbitrary files. This can be achieved by modifying the Log Path to point to a private directory and then making a request to "clog.php?filename=" with the desired file, such as 'filename=passwd' to read '/etc/passwd'.

Recommendations For Cacti version 1.1.27, restrict access to the clog.php file and limit the ability to modify the Log Path to prevent unauthorized file reading. As a temporary workaround, consider restricting the filename parameter in the clog.php request to minimize the risk of exploitation.