Arbitrary Command Execution via Title in Cacti graphs.php

Arbitrary Command Execution via Title in Cacti graphs.php

CVE-2002-1477 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.

Learn more about our Web Application Penetration Testing UK.