
Worlak2

#17759 of 53,630
15.1 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2017-14558
6.1
2017-11-10
Cacti · Cacti · CVE-2017-16785
**Name of the Vulnerable Software and Affected Versions**

Cacti version 1.1.27

**Description**

The issue is related to reflected XSS via the `PATH_INFO` to `host.php`.

**Recommendations**

For Cacti version 1.1.27, update to a newer version that contains a fix for this issue.
PT-2017-14505
9.0
2017-11-07
Cacti · Cacti · CVE-2017-16641
**Name of the Vulnerable Software and Affected Versions**

Cacti version 1.1.27

**Description**

The issue allows remote authenticated administrators to execute arbitrary OS commands. This is achieved via the `path_rrdtool` parameter in an `action=save` request to `settings.php`.

**Recommendations**

For Cacti version 1.1.27, consider restricting access to the `path_rrdtool` parameter in the `settings.php` file to minimize the risk of exploitation. As a temporary workaround, limit the ability to save settings via `settings.php` for authenticated administrators until a patch is available.