CVE-2005-10004

HIGH

Cacti < 0.8.6-d - Authenticated Remote Command Execution via graph_view.php graph_start Parameter

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-10004. PoCs have been published by Metasploit and David Maciejak, including the Metasploit module exploits/unix/webapp/cacti_graphimage_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command injection vulnerability in Cacti's graph_view.php script by injecting arbitrary commands via the 'graph_start' parameter. It retrieves a valid image ID and triggers the vulnerability to execute the payload.

Description

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · webapps · php
https://www.exploit-db.com/exploits/16881

This Metasploit module exploits a command injection vulnerability in Cacti's graph_view.php script by injecting arbitrary commands via the 'graph_start' parameter. It retrieves a valid image ID and triggers the vulnerability to execute the payload.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Cacti prior to 0.8.6-d
No auth needed
Prerequisites: Network access to the target Cacti instance · graph_view.php accessible
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by David Maciejak · ruby · webapps · php
https://www.exploit-db.com/exploits/9911

This Metasploit module exploits a command injection vulnerability in Cacti's graph_view.php script by injecting a payload into the 'graph_start' parameter, allowing remote command execution. It first retrieves a valid image ID before triggering the vulnerability.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Raxnet Cacti versions prior to 0.8.6-d
No auth needed
Prerequisites: Network access to the target Cacti instance · graph_view.php script accessible
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · EXCELLENT
ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/cacti_graphimage_exec.rb

This Metasploit module exploits a command injection vulnerability in Cacti's graph_view.php script by injecting a payload into the 'graph_start' parameter. It first retrieves a valid image ID and then triggers the command execution bug.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Cacti prior to 0.8.6-d
No auth needed
Prerequisites: Network access to the target Cacti instance · Cacti version prior to 0.8.6-d
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0178
EPSS Percentile 75.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-78
Status published
Products (2)
cacti/cacti < 0.8.6d
Raxnet/Ian Berry/Cacti < 0.8.6-d
Published Aug 30, 2025
Tracked Since Feb 18, 2026