CVE-2020-7237

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.
Configurations

Configuration 1

cpe:2.3:a:cacti:cacti:1.2.8:*:*:*:*:*:*:*

Information

Published : 2020-01-20 05:15

Updated : 2020-02-19 03:15


NVD link : CVE-2020-7237

Mitre link : CVE-2020-7237

Products Affected
No products.
CWE