| CVE-2017-16785 |
High |
Yes |
Cross-site scripting |
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. |
| CVE-2017-16661 |
Medium |
Yes |
Arbitrary filesystem access |
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a... |
| CVE-2017-16660 |
High |
Yes |
Arbitrary code execution |
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making... |
| CVE-2017-16641 |
High |
Yes |
Arbitrary command execution |
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save... |