The host is installed with Cacti 1.2.24 and is prone to an open URL redirect vulnerability. A flaw is present in the application, which fails to handle a specifically crafted url and a phishing message. Successful exploitation allows attackers with console access to redirect to an arbitrary website after a change password performed.