PT-2023-9091 · Cacti

Published: 2023-12-20 · Updated: 2024-06-15 · CVE-2023-49084

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cacti (affected versions not specified)

Description

The issue is related to incorrect handling of file names passed to PHP include or require functions in the link.php component, which allows an attacker to execute arbitrary code on the server. This can be achieved through SQL injection combined with insufficient processing of the include file path. Exploitation is possible for an authorized user, and the impact is the execution of arbitrary code on the server.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related Identifiers

ALT-PU-2023-8407
ALT-PU-2024-1003
BDU:2024-03557
CVE-2023-49084
DLA-3765-1
DSA-5646-1
GHSA-CX8G-HVQ8-P2RV
GHSA-GJ3F-P326-GH8R
GHSA-PFH9-GWM6-86VP
OPENSUSE-SU-2024:0031-1
OPENSUSE-SU-2024:13533-1

Affected Products

Alt Linux
Cacti