Bug ID 1218360
Summary VUL-0: CVE-2023-49084: cacti: multiple vulnerabilities in link.php file
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.6
Hardware Other
URL https://smash.suse.de/issue/389152/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee nix@opensuse.org
Reporter smash_bz@suse.de
QA Contact security-team@suse.de
CC andrea.mattiazzo@suse.com
Target Milestone ---
Found By Security Response Team
Blocker ---

Cacti is a robust performance and fault management framework and a frontend to
RRDTool - a Time Series Database (TSDB). By using the detected SQL Injection
together with insufficient processing of the include file path, it is possible
to execute arbitrary code on the server. Exploitation of the vulnerability is
possible for an authorized user. The vulnerable component is `link.php`. The
impact of the vulnerability is execution of arbitrary code on the server.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49084
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

Patch:
https://github.com/Cacti/cacti/commit/c7c91bf4bdb87769351782b61cda6d89e8e82343

