CVE-2005-1524

Cacti < 0.8.6d - Remote Code Execution via top_graph_header.php config[library_path] Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1524. PoCs published by Alberto Trivero, Maciej Piotr Falkiewicz.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in Cacti's 'graph_image.php' script, allowing remote command execution via unsanitized input in the 'graph_start' parameter. It downloads and executes a reverse shell script from a remote server.

Description

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.

Exploits (2)

exploitdb · Working PoC · Verified
by Alberto Trivero · perl · webapps · php
https://www.exploit-db.com/exploits/25927

This exploit targets a command injection vulnerability in Cacti's 'graph_image.php' script, allowing remote command execution via unsanitized input in the 'graph_start' parameter. It downloads and executes a reverse shell script from a remote server.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Cacti <= 0.8.6d
No auth needed
Prerequisites: Target must be a GNU/Linux server running Cacti <= 0.8.6d · Network access to the target's Cacti installation
devstral-2 · analyzed Feb 16, 2026
exploitdb · Working PoC · Verified
by Maciej Piotr Falkiewicz · text · webapps · php
https://www.exploit-db.com/exploits/25859

This exploit demonstrates a remote file inclusion vulnerability in RaXnet Cacti by manipulating the 'config[library_path]' parameter in 'top_graph_header.php'. An attacker can execute arbitrary server-side script code by specifying a remote script location.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: RaXnet Cacti (version not specified)
No auth needed
Prerequisites: Access to the vulnerable 'top_graph_header.php' script · Ability to host a malicious script on a remote server
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References (11)
Patch, Vendor Advisory · third-party-advisory · x_refsource_idefense
http://www.idefense.com/application/poi/display?id=265&type=vulnerabilities&flashstatus=true
Various Sources · vendor-advisory · x_refsource_conectiva
http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000978
Patch, Vendor Advisory · x_refsource_confirm
http://www.cacti.net/release_notes_0_8_6e.php
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21118
Patch, Vendor Advisory · vendor-advisory · x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200506-20.xml
Third Party Advisory · vendor-advisory · x_refsource_debian
http://www.debian.org/security/2005/dsa-764
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_sectrack
http://securitytracker.com/id?1014252
Third Party Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/15931
Third Party Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/15490
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_osvdb
http://www.osvdb.org/17426
Third Party Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/16136

Scores

EPSS 0.1587
EPSS Percentile 96.5%

Details

Status published
Products (20)
the_cacti_group/cacti 0.5
the_cacti_group/cacti 0.6
the_cacti_group/cacti 0.6.1
the_cacti_group/cacti 0.6.2
the_cacti_group/cacti 0.6.3
the_cacti_group/cacti 0.6.4
the_cacti_group/cacti 0.6.5
the_cacti_group/cacti 0.6.6
the_cacti_group/cacti 0.6.7
the_cacti_group/cacti 0.6.8
... and 10 more
Published Jun 22, 2005
Tracked Since Feb 18, 2026