Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2017-16660 - log back

CVE-2017-16660 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Remote

Type

+	Arbitrary code execution

Description

+	Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

References

+	https://github.com/Cacti/cacti/issues/1066
+	https://github.com/Cacti/cacti/commit/4e74f46fe24bed533fcfc8c8a43121ed59ce2002

Notes