CVE-2023-49084 : Cacti is a robust performance and fault management framework and a frontend to R

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

Published 2023-12-21 23:15:09

Updated 2024-06-10 17:16:15

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Sql InjectionExecute code

Products affected by CVE-2023-49084

Cacti » Cacti » Version: 1.2.25
cpe:2.3:a:cacti:cacti:1.2.25:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-49084

EPSS FAQ

88.52%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2023-49084

Cacti RCE via SQLi in pollers.php

Disclosure Date: 2023-12-20

First seen: 2024-02-09

exploit/multi/http/cacti_pollers_sqli_rce

This exploit module leverages a SQLi (CVE-2023-49085) and a LFI (CVE-2023-49084) vulnerability in Cacti versions prior to 1.2.26 to achieve RCE. Authentication is needed and the account must have access to the vulnerable PHP script (`pollers.php`). This is gr

More information

CVSS scores for CVE-2023-49084

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H	1.3	6.0	GitHub, Inc.
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-49084

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2023-49084

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

[SECURITY] Fedora 39 Update: cacti-spine-1.2.27-1.fc39 - package-announce - Fedora Mailing-Lists

CVEs referencing this url
http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html

Cacti pollers.php SQL Injection / Remote Code Execution ≈ Packet Storm

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

[SECURITY] [DLA 3765-1] cacti security update

CVEs referencing this url
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

RCE vulnerability when managing links · Advisory · Cacti/cacti · GitHub
Exploit;Vendor Advisory

CVEs referencing this url

Jump to