CVE-2005-10004
Severity: HIGH
Cacti < 0.8.6-d - RCE
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.
Exploits (3)

exploitdb - WORKING POC - VERIFIED
by Metasploit · ruby, webapps, php
https://www.exploit-db.com/exploits/16881

exploitdb - WORKING POC - VERIFIED
by David Maciejak · ruby, webapps, php
https://www.exploit-db.com/exploits/9911

metasploit - WORKING POC - EXCELLENT
ruby, poc, unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/cacti_graphimage_exec.rb
Scores
CVSS v3: 8.8
EPSS: 0.5400
EPSS Percentile: 98.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification
CWE: CWE-78
Status: published

Affected Products (1)
cacti/cacti < 0.8.6d

Timeline
Published: Aug 30, 2025
Tracked Since: Feb 18, 2026