Lucene search

K
cvelistMitreCVELIST:CVE-2020-7237
HistoryJan 20, 2020 - 4:06 a.m.

CVE-2020-7237

2020-01-2004:06:41
mitre
www.cve.org

8.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

8.8 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%