Intrusion Prevention

RaXnet.Cacti.ConfigSettings.PHP.Remote.File.Inclusion

Description

It indicates a possible exploit of remote file inclusion vulnerability in Cacti software.


Cacti is a front-end application to RRDTool (Round Robin Database), it stores all of the necessary information to create graphs and populate them with data in a MySQL database. A vulnerability is reported in it that may allow an attacker to include PHP code and execute on the vulnerable system. This is due to application failure to properly sanitize config[include_path] parameters value passed to config_setting.php. An attacker may include PHP code in the config[include_path] parameters in a HTTP request and run it on the affected system with web server privilege, leading to shell access and compromise of the affected system.


Affected Products

Raxnet Cacti 0.8.6 d and earlier versions.

Impact

Compromise of the affected system.

Recommended Actions

Upgrade to Raxnet Cacti 0.8.6 e or later version.

CVE References

CVE-2005-1526

Other References

1