Bug ID 1218378
Summary VUL-0: CVE-2023-49085: cacti: Multiple vulnerabilities
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.6
Hardware Other
URL https://smash.suse.de/issue/389219/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Other
Assignee pstivanin@suse.com
Reporter smash_bz@suse.de
QA Contact security-team@suse.de
CC meissner@suse.com
Target Milestone ---
Found By Security Response Team
Blocker ---

Cacti provides an operational monitoring and fault management framework. In
versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through
the `pollers.php` script. An authorized user may be able to execute arbitrary
SQL code. The vulnerable component is the `pollers.php`. Impact of the
vulnerability - arbitrary SQL code execution. As of time of publication, a
patch does not appear to exist.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49085


You are receiving this mail because: