CVE-2017-16661 log

Source
Severity Medium
Remote Yes
Type Arbitrary filesystem access
Description
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
Group Package Affected Fixed Severity Status Ticket
AVG-537 cacti 1.1.17-1 1.1.28-1 High Fixed
Date Advisory Group Package Severity Description
02 Dec 2017 ASA-201712-2 AVG-537 cacti High multiple issues
References
https://github.com/Cacti/cacti/issues/1066
https://github.com/Cacti/cacti/commit/a179e8092dbff7406e39ca16c2823f4fe530f5e0
https://github.com/Cacti/cacti/commit/c0f0ce27f0c281d7e1e57f91891c5ca9a92df013
https://github.com/Cacti/cacti/commit/96d793f33ebf16c0b12e1ec779d7debb87990cdd