Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2023-49085

Published: 22/12/2023 Updated: 18/03/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Cacti

Vulnerability Summary

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, it is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. Impact of the vulnerability - arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cacti cacti

Exploits

Exploit DB: Cacti pollers.php SQL Injection / Remote Code Execution
This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1226 to achieve remote code execution Authentication is needed and the account must have access to the vulnerable PHP script (pollersphp) This is granted by setting the Sites/Devices/Data permission in the General Administ ...
Exploit DB: Cacti RCE via SQLi in pollers.php
This exploit module leverages a SQLi (CVE-2023-49085) and a LFI (CVE-2023-49084) vulnerability in Cacti versions prior to 1226 to achieve RCE Authentication is needed and the account must have access to the vulnerable PHP script (`pollersphp`) This is granted by setting the `Sites/Devices/Data` permissio ...

Metasploit Modules

Cacti RCE via SQLi in pollers.php

This exploit module leverages a SQLi (CVE-2023-49085) and a LFI (CVE-2023-49084) vulnerability in Cacti versions prior to 1.2.26 to achieve RCE. Authentication is needed and the account must have access to the vulnerable PHP script (`pollers.php`). This is granted by setting the `Sites/Devices/Data` permission in the `General Administration` section.

msf > use exploit/multi/http/cacti_pollers_sqli_rce
msf exploit(cacti_pollers_sqli_rce) > show targets
    ...targets...
msf exploit(cacti_pollers_sqli_rce) > set TARGET < target-id >
msf exploit(cacti_pollers_sqli_rce) > show options
    ...show and set options...
msf exploit(cacti_pollers_sqli_rce) > exploit

References

CWE-89https://github.com/Cacti/cacti/security/advisories/GHSA-vr3c-38wh-g855https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/pollers.php#L451http://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.htmlhttps://lists.debian.org/debian-lts-announce/2024/03/msg00018.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/176995/Cacti-pollers.php-SQL-Injection-Remote-Code-Execution.htmlhttps://www.rapid7.com/db/modules/exploit/multi/http/cacti_pollers_sqli_rce/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook