Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-16661  

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

Source
Severity Medium

Remote Yes

Type Arbitrary filesystem access

Description 

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

AVG-537 cacti 1.1.17-1 1.1.28-1 High Fixed

02 Dec 2017 ASA-201712-2 AVG-537 cacti High multiple issues 

https://github.com/Cacti/cacti/issues/1066
https://github.com/Cacti/cacti/commit/a179e8092dbff7406e39ca16c2823f4fe530f5e0
https://github.com/Cacti/cacti/commit/c0f0ce27f0c281d7e1e57f91891c5ca9a92df013
https://github.com/Cacti/cacti/commit/96d793f33ebf16c0b12e1ec779d7debb87990cdd

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started