DEBIAN-CVE-2023-49085
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-49085
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2023-49085.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2023-49085
- Upstream
- Published
- 2023-12-22T17:15:07Z
- Modified
- 2025-09-30T05:16:14.050451Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the
pollers.phpscript. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is thepollers.php. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist. - References
Affected packages
Debian:11 / cacti
Package
- Name
- cacti
- Purl
- pkg:deb/debian/cacti?arch=source
Debian:12 / cacti
Package
- Name
- cacti
- Purl
- pkg:deb/debian/cacti?arch=source
Debian:13 / cacti
Package
- Name
- cacti
- Purl
- pkg:deb/debian/cacti?arch=source
Debian:14 / cacti
Package
- Name
- cacti
- Purl
- pkg:deb/debian/cacti?arch=source