Alert*

oval:org.secpod.oval:def:63838
The host is installed with Cacti 1.2.8 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to handle an input validation error in the Boost Debug Log field. Successful exploitation could allow privileged attackers to execute remote code.

oval:org.secpod.oval:def:1801981
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to tr ...

oval:org.secpod.oval:def:2003996
Cacti 1.2.8 allows Remote Code Execution via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.