Arbitrary OS Command Execution in Cacti 1.1.27 via path_rrdtool Parameter

CVE-2017-16641 · HIGH Severity

AV:N/AC:L/Au:S/C:C/I:C/A:C

lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.