Cacti : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution)

CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
Max CVSS
9.0
EPSS Score
0.15%
Published
2017-11-08
Updated
2019-10-03

CVE-2017-12065

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
Max CVSS
9.8
EPSS Score
3.22%
Published
2017-08-01
Updated
2019-10-03
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close