Remote Code Execution in Cacti 1.1.27 via Log Path Vulnerability
CVE-2017-16660 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
Learn more about our Web App Pen Testing.