CVE-2023-49085 Information

Description

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, an authorized user may be able to execute arbitrary SQL code through the pollers.php script. The vulnerable component is pollers.php, and the impact of the vulnerability is arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

Reference

https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451
