CVE-2023-49084

Severity: HIGH

Cacti RCE via SQLi in pollers.php

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49084: the Metasploit module exploits/multi/http/cacti_pollers_sqli_rce, by Aleksey Solovev and Christophe De La Fuente.

AI-analyzed exploit summary: This Metasploit module chains two Cacti bugs present in versions prior to 1.2.26, the SQL injection in pollers.php (CVE-2023-49085) and the local file inclusion in link.php (CVE-2023-49084), to achieve remote code execution. It handles authentication, extracts the CSRF token, and delivers the payload by manipulating a log file that the file inclusion then executes.

Description

Cacti is a performance and fault management framework and a frontend to RRDTool, a time series database (TSDB). By combining a SQL injection with insufficient validation of the include file path, an authenticated user can execute arbitrary code on the server. The vulnerable component is `link.php`, whose include path is not adequately checked (CWE-98); the SQL injection that feeds it lives in pollers.php and is tracked separately as CVE-2023-49085. Impact: arbitrary code execution on the server. Fixed in Cacti 1.2.26.
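As an added example, not part of this record or of the Metasploit module, the following Python scans access-log lines for the two request-level artefacts the chain above leaves behind: SQL metacharacters aimed at pollers.php, and PHP open tags arriving in a request (the log-poisoning step), with link.php requests kept as supporting context. The log lines, the /cacti/ prefix, the parameter names and the injection strings are all constructed placeholders chosen to exercise the rules; they are not the real injection point or the module's payload.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample in Apache/Nginx "combined" format. Not real traffic:
# the /cacti/ prefix, parameter names and injection strings are placeholders
# chosen to exercise the rules, not the Metasploit module's actual requests.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Dec/2023:10:00:01 +0000] "GET /cacti/pollers.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
10.0.0.5 - - [21/Dec/2023:10:00:09 +0000] "GET /cacti/pollers.php?action=actions&item=1'%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.5 - - [21/Dec/2023:10:00:15 +0000] "GET /cacti/index.php?msg=%3C%3Fphp%20system(%24_GET%5B%27c%27%5D)%3B%3F%3E HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.0.5 - - [21/Dec/2023:10:00:20 +0000] "GET /cacti/link.php?id=4 HTTP/1.1" 200 94 "-" "Mozilla/5.0"
10.0.0.9 - - [21/Dec/2023:10:05:00 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Generic SQL-injection indicators: quotes, UNION SELECT, time-based functions, comment sequences.
SQLI_RE = re.compile(r"(?i)(?:'|\"|\bunion\s+select\b|\bsleep\s*\(|\bbenchmark\s*\(|--|/\*)")
# A PHP open tag inside a request is the signature of an attempt to poison a log file.
PHP_TAG_RE = re.compile(r"(?i)<\?(?:php\b|=)")


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # Decoded once; double-encoded payloads are out of scope for this example.
    rec["query"] = unquote_plus(parts.query)
    return rec


def classify(rec):
    """Rules that fire for one parsed request; a request may trip several."""
    hits = []
    script = rec["path"].rsplit("/", 1)[-1]
    if script == "pollers.php" and SQLI_RE.search(rec["query"]):
        hits.append("sqli-pollers")
    if PHP_TAG_RE.search(rec["query"]):
        hits.append("php-tag-in-request")
    if script == "link.php":
        hits.append("link-include-context")  # benign alone; meaningful next to the other two
    return hits


def scan(log_text):
    """Run every rule over every parseable line and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for rule in classify(rec):
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"], "rule": rule})
    return findings


def suspicious_sources(findings):
    """Client IPs that tripped the pollers.php SQLi rule plus at least one other rule:
    one rule is an alert, the combination is the chain and deserves a ticket."""
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f["ip"], set()).add(f["rule"])
    return {ip: rules for ip, rules in by_ip.items()
            if "sqli-pollers" in rules and len(rules) > 1}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f)
    print(suspicious_sources(hits))
```

Standard access logs do not record POST bodies, so injection carried in a form post is invisible to this scan; pair it with request-body logging at a reverse proxy or WAF, and treat the indicator regexes as a starting point rather than a signature of the module.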

Exploits (1)

metasploit · working PoC · rated excellent
by Aleksey Solovev, Christophe De La Fuente · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb

Classification
Working PoC: 100%
Attack type: RCE
Complexity: moderate
Reliability: reliable
Target: Cacti < 1.2.26
Authentication: required
Prerequisites: valid Cacti credentials with the 'Sites/Devices/Data' permission · access to pollers.php
Analysis: devstral-2, Apr 30, 2026

Scores

CVSS v3.1 base score: 8.0 (HIGH)
EPSS: 0.6377 (estimated 63.8% probability of exploitation activity in the next 30 days)
EPSS percentile: 99.1%
Attack vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

The vector rates attack complexity and required privileges as high (AC:H, PR:H), which is what holds the base score at 8.0 despite the changed scope and total impact. The exploit prerequisites listed above (an account holding the 'Sites/Devices/Data' permission) are worth weighing against that PR:H rating when prioritising.

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical impact: total

Details

CWE: CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program)
Status: published
Products (1): cacti/cacti 1.2.25 (all versions prior to 1.2.26 are affected; fixed in 1.2.26)
Published: Dec 21, 2023
Tracked since: Feb 18, 2026