CVE-2023-49085

HIGH

CVSS v3

8.8

HIGH

EPSS Score

84.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

Technical Details

Published
12/22/2023

Frequently Asked Questions

What is CVE-2023-49085?

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

Is CVE-2023-49085 actively exploited?

Active exploitation of CVE-2023-49085 has not been confirmed. The EPSS score is 84.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2023-49085?

CVE-2023-49085 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2023-49085 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.