data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cacti cacti 1.2.8 |