CVE-2023-49085
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-49085
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49085.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-49085
- Aliases
-
- GHSA-vr3c-38wh-g855
- Downstream
- Related
- Published
- 2023-12-22T16:13:13Z
- Modified
- 2025-10-21T19:32:17Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Cacti SQL Injection vulnerability
- Details
-
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the
pollers.phpscript. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is thepollers.php. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. - Database specific
{ "cwe_ids": [ "CWE-89" ] }- References
-
- https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855
- http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html
- https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451
- https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/