{"uuid": "37c5cfbb-4b3d-4d46-a493-fed2e961fd40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-7237", "type": "seen", "source": "https://t.me/cveNotify/336", "content": "\ud83d\udea8 CVE-2020-7237\nCacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.\n\n\ud83c\udf96@cveNotify", "creation_timestamp": "2022-08-02T12:26:48.000000Z"}