Remote Code Execution in Cacti 1.1.27 via Log Path Vulnerability

CVE-2017-16660 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
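A defensive check for the condition described above, as an added example that is not part of the advisory or of Cacti's code: it flags a configured log path that resolves inside the web root (following symlinks and `..`) and log lines that carry a PHP open tag. The web root, candidate paths and log lines are constructed sample values, and the function names are hypothetical.

```python
import os
import re

# Opening tags that a PHP handler would start interpreting.
PHP_OPEN_TAG = re.compile(r"<\?(?:php|=)", re.IGNORECASE)


def resolves_inside(path, root):
    """True if path, after resolving symlinks and '..', lies inside root."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(root)
    # commonpath compares whole components, so /srv/html-old is not inside /srv/html.
    return os.path.commonpath([real_path, real_root]) == real_root


def audit(log_path, web_root, log_lines):
    """Return findings for one configured log path and its current contents."""
    findings = []
    if resolves_inside(log_path, web_root):
        findings.append("log path is under the web root: " + os.path.realpath(log_path))
    for number, line in enumerate(log_lines, start=1):
        if PHP_OPEN_TAG.search(line):
            findings.append("line %d contains a PHP open tag" % number)
    return findings


# Constructed sample data (assumed layout and line format, not from a real install).
WEB_ROOT = "/var/www/html"
SAMPLE_LOG = [
    "constructed sample line: poller run finished",
    "constructed sample line: client address <?php /* marker */ ?>",
]

if __name__ == "__main__":
    for candidate in ("/var/log/cacti/cacti.log",
                      "/var/www/html/cacti/log/cacti.log"):
        print(candidate, audit(candidate, WEB_ROOT, SAMPLE_LOG))
```

Run it against the log path taken from the application's settings and the document root from the web server configuration; a finding of the first kind means the log file is reachable by HTTP requests.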
