CVE-2017-16660

Source
Severity: High
Remote: Yes
Type: Arbitrary code execution
Description
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
Group    Package  Affected  Fixed     Severity  Status  Ticket
AVG-537  cacti    1.1.17-1  1.1.28-1  High      Fixed
Date         Advisory      Group    Package  Severity  Type
02 Dec 2017  ASA-201712-2  AVG-537  cacti    High      multiple issues
References
https://github.com/Cacti/cacti/issues/1066
https://github.com/Cacti/cacti/commit/4e74f46fe24bed533fcfc8c8a43121ed59ce2002