PT-2023-8525 · Cacti+1

012Git012

Published: 2023-12-22 · Updated: 2025-01-24 · CVE-2023-49085

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cacti versions 1.2.25 and prior

Description: The issue is related to a lack of protection in the SQL query structure of the Cacti network monitoring tool, specifically in the pollers.php script. This allows an authorized user to execute arbitrary SQL code, potentially leading to the execution of arbitrary code by a remote attacker. The vulnerable component is the pollers.php script. The impact of this issue is the execution of arbitrary SQL code.

Recommendations: For versions 1.2.25 and prior, consider disabling the pollers.php script as a temporary workaround until a patch is available. Restrict access to the pollers.php script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

ALT-PU-2023-8407
ALT-PU-2024-1003
ALT-PU-2024-7120
ALT-PU-2025-1813
BDU:2024-01113
CVE-2023-49085
DLA-3765-1
DSA-5646-1
GHSA-VR3C-38WH-G855
OPENSUSE-SU-2024:0031-1
OPENSUSE-SU-2024:13533-1

Affected Products

Alt Linux
Cacti