CVE-2002-1477
cacti - arbitrary code execution
EPSS 2.7%
Description
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
How to fix CVE-2002-1477
To remediate CVE-2002-1477, upgrade the affected package to a fixed version below.
- Debian/cacti: upgrade to 0.6.8a-2 or later
- Debian/cacti: upgrade to 0.6.7-2.1 or later
Is CVE-2002-1477 being exploited?
Low: EPSS is 2.7%, a low estimated probability of exploitation; exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.6.8a-2
- from 0, < 0.6.7-2.1