Cacti : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution)
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
Max CVSS
9.0
EPSS Score
0.15%
Published
2017-11-08
Updated
2019-10-03
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Max CVSS
9.8
EPSS Score
3.22%
Published
2017-08-01
Updated
2019-10-03
2 vulnerabilities found