Published: 21/12/2023 Updated: 18/03/2024

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cacti cacti 1.2.25

Debian Bug report logs - #1059254 cacti: CVE-2023-49084 CVE-2023-49086 Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 22 Dec 2023 08:42:02 UTC Severity: grave Tags: security, upstream Found in ver ...

This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1226 to achieve remote code execution Authentication is needed and the account must have access to the vulnerable PHP script (pollersphp) This is granted by setting the Sites/Devices/Data permission in the General Administ ...

This exploit module leverages a SQLi (CVE-2023-49085) and a LFI (CVE-2023-49084) vulnerability in Cacti versions prior to 1226 to achieve RCE Authentication is needed and the account must have access to the vulnerable PHP script (`pollersphp`) This is granted by setting the `Sites/Devices/Data` permissio ...

This exploit module leverages a SQLi (CVE-2023-49085) and a LFI (CVE-2023-49084) vulnerability in Cacti versions prior to 1.2.26 to achieve RCE. Authentication is needed and the account must have access to the vulnerable PHP script (`pollers.php`). This is granted by setting the `Sites/Devices/Data` permission in the `General Administration` section.

msf > use exploit/multi/http/cacti_pollers_sqli_rce
msf exploit(cacti_pollers_sqli_rce) > show targets
    ...targets...
msf exploit(cacti_pollers_sqli_rce) > set TARGET < target-id >
msf exploit(cacti_pollers_sqli_rce) > show options
    ...show and set options...
msf exploit(cacti_pollers_sqli_rce) > exploit

CWE-98 https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.html https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254 https://nvd.nist.gov https://www.rapid7.com/db/modules/exploit/multi/http/cacti_pollers_sqli_rce/

CVE-2023-49084

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Metasploit Modules

References

Vulmon Search

About

Products

Connect