CVE-2020-7237
Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.
OS Command Injection
Vendor | Product | Version |
---|---|---|
cacti | cacti | 1.2.8 |
Debian Releases
Ubuntu Releases
Common Weakness Enumeration