CVE-2025-24367
HIGH8.8EPSS 87.9%發布日:2025/1/27修改日:2026/5/27
描述
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
受影響套件(1)
- Debian/cactifrom 0, < 1.2.16+ds1-2+deb11u5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |