CVE-2023-49085
Published 2023-12-22
Priority: P1 (82) · Severity: high · CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available (see references)
EPSS: 84.63% (99.7th percentile)
Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, an authorized user can execute arbitrary SQL through the `pollers.php` script; the vulnerable component is `pollers.php` and the impact is arbitrary SQL code execution. The advisory states that, as of its publication, no patch appeared to exist. That statement is dated: the Debian data below shows the fix arriving as upstream 1.2.26 (packaged as 1.2.26+ds1-1 in sid/trixie/forky) and being backported to bookworm and bullseye. Authentication is required (PR:L), so in practice this is an escalation path for an account holding the 'Sites/Devices/Data' permission; the indexed Packet Storm exploit chains this SQL injection with a file-inclusion bug to reach remote code execution.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | <= 1.2.25 | — |
| cacti | cacti | >= 0 < 1.2.16+ds1-2+deb11u3 | 1.2.16+ds1-2+deb11u3 |
| cacti | cacti | >= 0 < 1.2.24+ds1-1+deb12u2 | 1.2.24+ds1-1+deb12u2 |
| cacti | cacti | >= 0 < 1.2.26+ds1-1 | 1.2.26+ds1-1 |
| cacti | cacti | >= 0 < 1.2.26+ds1-1 | 1.2.26+ds1-1 |
| debian | cacti | < cacti 1.2.24+ds1-1+deb12u2 (bookworm) | cacti 1.2.24+ds1-1+deb12u2 (bookworm) |
Detection & IOCs (extracted from sources)
- Monitor HTTP requests targeting pollers.php for SQL injection patterns (unexpected SQL metacharacters, comment sequences, or stacked queries in parameters). Decode URL-encoding before matching; injection carried in a POST body is not visible in a plain access log and needs WAF or application-level logging.
- The public exploit chains CVE-2023-49085 (SQLi) with CVE-2023-49084 (LFI) to achieve RCE; alert on LFI indicators (path traversal sequences) in requests to Cacti endpoints that coincide with SQLi attempts from the same client or session.
- Exploitation requires an authenticated session holding the 'Sites/Devices/Data' permission under 'General Administration'; unauthenticated access alone is not sufficient. Investigate authenticated sessions making unusual requests to pollers.php, and review which accounts hold that permission.
- Affected versions are Cacti 1.2.25 and prior. Debian-based deployments have backported fixes (bookworm: 1.2.24+ds1-1+deb12u2; bullseye: 1.2.16+ds1-2+deb11u3; sid/trixie/forky: 1.2.26+ds1-1).
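The detection logic from the bullets above, as an added example that is not part of this page or of the Cacti project: it scans Apache combined-format access-log lines, percent-decodes the request target (bounded, so double-encoded payloads are inspected in their final form), flags SQL metacharacters and stacked queries in requests to pollers.php, flags path-traversal sequences in requests to any Cacti endpoint, and reports clients that show both, which is the SQLi-plus-LFI pattern the indexed exploit uses. The log lines are constructed for the example, and every endpoint and parameter name other than pollers.php is a placeholder: the page does not identify the injectable parameter or the endpoint used by the CVE-2023-49084 step.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache "combined" format) for this
# example; they are not real traffic. Endpoint and parameter names other than
# pollers.php are placeholders: the page does not identify the injectable
# parameter, nor the endpoint used by the CVE-2023-49084 file-inclusion step.
SAMPLE_LOG = """\
10.0.0.5 - alice [22/Dec/2023:10:01:02 +0000] "GET /cacti/pollers.php?action=edit&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - bob [22/Dec/2023:10:05:11 +0000] "GET /cacti/pollers.php?action=edit&id=3'%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 200 6021 "-" "curl/8.4.0"
10.0.0.9 - bob [22/Dec/2023:10:05:13 +0000] "GET /cacti/pollers.php?action=edit&id=3;SELECT%20SLEEP(5)--%20- HTTP/1.1" 200 6021 "-" "curl/8.4.0"
10.0.0.9 - bob [22/Dec/2023:10:05:20 +0000] "GET /cacti/example_endpoint.php?file=..%252F..%252F..%252Ftmp%252Fx.log HTTP/1.1" 200 812 "-" "curl/8.4.0"
10.0.0.7 - - [22/Dec/2023:10:06:00 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Generic SQL-injection indicators: quotes, comment openers, UNION SELECT,
# numeric tautologies, time-based probes.
SQLI_RE = re.compile(
    r"""(['"]|--|/\*|\bunion\b\s+(?:all\s+)?select\b|\bor\b\s+\d+\s*=\s*\d+|\b(?:sleep|benchmark)\s*\()""",
    re.I,
)
# Stacked query: a statement terminator followed by a new statement.
STACKED_RE = re.compile(
    r";\s*(?:select|insert|update|delete|drop|load_file|into\s+outfile)\b", re.I
)
# Path-traversal sequences (the LFI half of the reported RCE chain).
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_target(target, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads are
    inspected in their final form; '+' is treated as a space."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify(target):
    """Return the indicator kinds present in one *decoded* request target."""
    path, _, query = target.partition("?")
    kinds = []
    if path.endswith("/pollers.php") and query:
        if STACKED_RE.search(query):
            kinds.append("stacked_sqli")
        elif SQLI_RE.search(query):
            kinds.append("sqli")
    if "/cacti/" in path and TRAVERSAL_RE.search(target):
        kinds.append("traversal")
    return kinds


def analyze(log_text):
    """Scan log lines; return per-request findings and the client IPs that
    show both SQLi against pollers.php and traversal (possible SQLi+LFI chain)."""
    findings = []
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = decode_target(m["target"])
        for kind in classify(target):
            findings.append({"kind": kind, "ip": m["ip"], "user": m["user"],
                             "ts": m["ts"], "target": target})
            seen[m["ip"]].add(kind)
    chains = sorted(ip for ip, kinds in seen.items()
                    if kinds & {"sqli", "stacked_sqli"} and "traversal" in kinds)
    return findings, chains


if __name__ == "__main__":
    found, chained = analyze(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:13} {f['ip']:10} {f['user']:6} {f['target']}")
    print("possible SQLi+LFI chain from:", chained)
```

Correlating on client IP alone is the weakest link: an attacker can split the two steps across addresses, so in a SIEM you would key the correlation on the Cacti session cookie or the authenticated username as well. The quote and comment indicators will also fire on some legitimate input, which is why the output is meant to be triaged against the permission check in the previous bullet rather than blocked automatically.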
CVSS provenance
- nvd: v3.1 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- osv: 8.8 HIGH
- vendor_debian: 8.8 HIGH
OSV
osv · 2023-12-22 · CVSS 8.8 HIGH · same description as above
Debian
vendor_debian · 2023 · CVSS 8.8 HIGH · same description as above
Scope: local
bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u2)
bullseye: resolved (fixed in 1.2.16+ds1-2+deb11u3)
forky: resolved (fixed in 1.2.26+ds1-1)
sid: resolved (fixed in 1.2.26+ds1-1)
trixie: resolved (fixed in 1.2.26+ds1-1)
No detection rules found.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html
- https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451
- https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855
- https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/