
We found results for “”
CVE-2023-49085
Date: December 22, 2023
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the "pollers.php" script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the "pollers.php". Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.
Language: PHP
Severity Score
Related Resources (8)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-89CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |