FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

net-mgmt/cacti is vulnerable to remote command injection

Affected packages
cacti < 1.2.23

Details

VuXML ID 59c284f4-8d2e-11ed-9ce0-b42e991fc52e
Discovery 2022-12-05
Entry 2023-01-05
Modified 2023-01-09

cacti team reports:

A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.

References

CVE Name CVE-2022-46169
URL https://nvd.nist.gov/vuln/detail/CVE-2022-46169