Description
Due to an authorization bypass vulnerability in the remote agent handling in Cacti, au unauthenticated attacker can execute arbitrary OS commands with a specially crafted HTTP request.
Remediation
Upgrade to the latest version of Cacti
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2001-0506)
Microsoft SQL Server Other Vulnerability (CVE-2000-1086)
SharePoint CVE-2023-33160 Vulnerability (CVE-2023-33160)
Joomla Numeric Errors Vulnerability (CVE-2008-4102)
ZenCart Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-11675)