ID:9540 - Exploit for PHP file inclusion in Cacti - CVE-2023-49084

 

Published: February 2, 2024


Vulnerability identifier: #VU84816
Vulnerability risk: Medium
CVE-ID: CVE-2023-49084
CWE-ID: CWE-98
Exploitation vector: Remote access
Vulnerable software: Cacti

Link to public exploit:


Vulnerability description

The vulnerability allows a remote user to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in link.php. A remote user can send a specially crafted HTTP request to the affected application to include and execute arbitrary PHP code on the system with the privileges of the web server.


Remediation

Install the update from the vendor's website.