Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

Related CVEs

CVE-2017-16661

Key Information

GHSA ID

GHSA-gf56-7m3m-298f

Published

May 17, 2022 12:20 AM

Last Modified

May 17, 2022 12:20 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 31, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.