Home > Vulnerability Database > CVE-2023-49084

Mend.io Vulnerability Database

CVE-2023-49084

Date: December 21, 2023

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

Language: PHP

Severity Score

8.8

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49084

Url: https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

Url: https://security-tracker.debian.org/tracker/CVE-2023-49084

Url: http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html

Url: https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

Url: https://www.mend.io/vulnerability-database/CVE-2023-49084

Severity Score

8.8

Weakness Type (CWE)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CWE-98

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49084

Date: December 21, 2023

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?