Critical IP spoofing bug patched in Cacti


Cacti, the RRDTool frontend and performance/fault management framework, contains a severe issue that may have given attackers access to the server to execute arbitrary PHP commands. Cacti is a well-known PHP-based open-source network graphing, monitoring, and fault-management tool. RRDTool is short for round-robin database tool.

Although Cacti is typically not intended to be accessed from public networks, an attacker with network access to the server could exploit the remote code execution (RCE) issue without needing to authenticate.

