Home > Vulnerability Database > CVE-2023-49085

Mend.io Vulnerability Database

CVE-2023-49085

Date: December 22, 2023

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the "pollers.php" script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the "pollers.php". Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

Language: PHP

Severity Score

8.8

Related Resources (8)

Url: https://security-tracker.debian.org/tracker/CVE-2023-49085

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49085

Url: https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

Url: https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451

Url: http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html

Url: https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855

Url: https://www.mend.io/vulnerability-database/CVE-2023-49085

Severity Score

8.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CWE-89

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49085

Date: December 22, 2023

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?