icon

We found results for “

CVE-2023-49085

Date: December 22, 2023

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the "pollers.php" script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the "pollers.php". Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us