PT-2023-9091 · Cacti+1 · Cacti+1

012Git012

Published: 2023-12-20 · Updated: 2024-06-15 · CVE-2023-49084

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Cacti (affected versions not specified)

Description: The issue stems from incorrect handling of file names passed to PHP include or require functions in the link.php component, which allows an attacker to execute arbitrary code on the server. This can be achieved through SQL injection and insufficient processing of the include file path. Exploitation is possible for an authorized user, and the impact is arbitrary code execution on the server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Weakness Enumeration

Related identifiers

ALT-PU-2023-8407
ALT-PU-2024-1003
BDU:2024-03557
CVE-2023-49084
DLA-3765-1
DSA-5646-1
GHSA-CX8G-HVQ8-P2RV
GHSA-GJ3F-P326-GH8R
GHSA-PFH9-GWM6-86VP
OPENSUSE-SU-2024:0031-1
OPENSUSE-SU-2024:13533-1

Affected products

Alt Linux
Cacti