Published: 25/06/2014 Updated: 12/01/2015

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote malicious users to execute arbitrary SQL commands via the id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cacti superlinks 1.4-2

Cacti Superlinks version 14-2 suffers from code execution via local file inclusion, and remote SQL injection vulnerabilities ...

#!/bin/sh ############## # Exploit Title: Cacti - Superlinks Plugin 14-2 RCE(LFI) via SQL Injection # Date: 19/12/2014 # Exploit Author: Wireghoul # Software Link: docscactinet/plugin:superlinks # Identifiers: CVE-2014-4644, EDB-ID-33809 # Exploit explanation through inline comments # Patch provided at the end # # This is the year where h ...

$$$$$$\ $$\ $$\ $$$$$$\ $$ __$$\ $$ | $$ | $$ __$$\ $$ / \__| $$ | $$ | $$ / \__| $$ |$$$$\ $$$$$$$$ | \$$$$$$\ $$ |\_$$ | $$ __$$ | \____$$\ $$ | $$ | $$ | $$ | $$\ $$ | \$$$$$$ |$$\ $$ | $$ |$$\\$$$$$$ | \______/ \__|\__| \__|\__|\______/ # Exploit Title: Cacti - Superlinks Plugin S ...

CWE-89 http://www.exploit-db.com/exploits/33809 http://www.securityfocus.com/bid/68141 http://osvdb.org/show/osvdb/108452 https://nvd.nist.gov https://packetstormsecurity.com/files/129671/Cacti-Superlinks-1.4-2-Code-Execution-LFI-SQL-Injection.html https://www.exploit-db.com/exploits/35578/

CVE-2014-4644

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect