CVE-2020-14295

This exploit leverages SQL injection in Cacti 1.2.12 via the 'filter' parameter to dump credentials and achieve remote code execution by modifying the 'path_php_binary' setting to execute a reverse shell.

This exploit leverages an authenticated SQL injection in Cacti's `color.php` to achieve remote code execution by modifying the `path_php_binary` setting to execute a reverse shell. The PoC automates the process, including CSRF token extraction and payload delivery.

This is a functional exploit for CVE-2020-14295, which chains SQL injection with remote code execution in Cacti 1.2.12. It authenticates, injects a malicious payload to modify the PHP binary path, and triggers a reverse shell via netcat.

This Metasploit module exploits a SQL injection vulnerability in Cacti 1.2.12 and earlier, allowing an authenticated admin to execute arbitrary SQL queries and achieve remote code execution by modifying the `path_php_binary` setting.