CVE-2014-4644

Cacti superlinks plugin 1.4-2 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-4644. PoCs published by Napsterakos, Wireghoul.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in the Cacti Superlinks plugin. It provides a URL for exploitation but lacks actual exploit code or payload details.

Description

SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Napsterakos · textwebappsphp

https://www.exploit-db.com/exploits/33809

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in the Cacti Superlinks plugin. It provides a URL for exploitation but lacks actual exploit code or payload details.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Cacti Superlinks Plugin

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Wireghoul · bashwebappsphp

https://www.exploit-db.com/exploits/35578

View Code ZIP pw:eip

This exploit leverages SQL injection in Cacti's Superlinks Plugin 1.4-2 to achieve remote code execution via a second-order LFI. It poisons the application log with PHP code and then uses SQLi to include the log file, enabling command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Cacti Superlinks Plugin 1.4-2

No auth needed

Prerequisites: Access to the Superlinks plugin URL · PHP code execution context · Write access to the Cacti log file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1202 - Indirect Command Execution T1195 - Supply Chain Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/108452

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/68141

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/33809

Scores

EPSS 0.0132

EPSS Percentile 67.0%

Details

CWE

CWE-89

Status published

Products (1)

cacti/superlinks 1.4-2

Published Jun 25, 2014

Tracked Since Feb 18, 2026