← Back to CVE List

CVE-2023-31132

Published: 2023-09-05T22:15Z
Last Modified: 2025-04-11T14:17Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt