Arbitrary OS Command Execution in Cacti 1.1.27 via path_rrdtool Parameter
CVE-2017-16641 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
Learn more about our Web Application Penetration Testing UK.