0Xfatty

**Name of the Vulnerable Software and Affected Versions** Cacti version 1.2.8 **Description** The issue allows remote code execution by privileged users through shell metacharacters in the Performance Boost Debug Log field of poller automation.php. This occurs when a new poller cycle begins, requiring the attacker to be authenticated and have access to modify the Performance Settings of the product. **Recommendations** For Cacti version 1.2.8, consider disabling access to the Performance Boost Debug Log field in poller automation.php until a patch is available, and restrict modifications to the Performance Settings to trusted users only.

**Name of the Vulnerable Software and Affected Versions** Cacti version 1.2.8 **Description** The issue concerns stored XSS in several PHP files, including data sources.php, color templates item.php, graphs.php, graph items.php, lib/api automation.php, user admin.php, and user group admin.php. This is demonstrated by the `description` parameter in data sources.php, where a raw string from the database is displayed by $header, triggering the XSS. **Recommendations** For Cacti version 1.2.8, consider disabling the affected PHP files or restricting access to them until a patch is available. As a temporary workaround, avoid using the `description` parameter in the affected files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cacti version 1.2.8 **Description** The issue concerns remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host in the data input.php file. However, the vendor has stated that this is a false alarm. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.