How severe is CVE-2024-43363?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-43363?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-43363 - HIGH Severity | CVSS 7.2

Vulnerability Description

Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2013-2267

HIGH

CVSS:7.2(High)

PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.

CWE-942013

CVE-2015-0249

HIGH

CVSS:7.2(High)

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka ...

CWE-942015

CVE-2015-3173

HIGH

CVSS:7.2(High)

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.

CWE-942015

CVE-2015-9227

HIGH

CVSS:7.2(High)

PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in...

CWE-942015

CVE-2017-15935

HIGH

CVSS:7.2(High)

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

CWE-942017

CVE-2017-16682

HIGH

CVSS:7.2(High)

SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed...

CWE-942017