CVE-2023-49084

HIGH

Cacti RCE via SQLi in pollers.php

Title source: metasploit

Description

Cacti is a performance and fault management framework and a frontend to RRDTool, a time-series database (TSDB). By chaining a SQL injection (the Metasploit module targets pollers.php) with insufficient processing of the include file path, an attacker can execute arbitrary code on the server. Exploitation requires an authenticated (authorized) user, consistent with the PR:H component of the CVSS vector below. The vulnerable component is `link.php`. The impact of the vulnerability is execution of arbitrary code on the server.
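The two-step shape described above (a SQL injection request against pollers.php, then a request to link.php that triggers the include) is something a defender can look for in web-server access logs. The script below is an added triage example written for this page; it is not code from the Cacti project, the advisory, or the Metasploit module. It assumes Apache/nginx "combined" log format, takes only the script names pollers.php and link.php from the record above, and uses a deliberately generic SQL-metacharacter heuristic; the log lines, the `filter` parameter name and the payload in them are constructed placeholders, not the real exploit traffic.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (combined format). Parameter names and
# the injected string are placeholders, not the actual exploit payload.
SAMPLE_LOG = """\
10.0.0.5 - admin [21/Dec/2023:10:15:01 +0000] "GET /cacti/pollers.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.5 - admin [21/Dec/2023:10:15:03 +0000] "GET /cacti/pollers.php?action=ajax&filter=x HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - admin [21/Dec/2023:10:16:10 +0000] "GET /cacti/pollers.php?filter=1%27+UNION+SELECT+1%2C2%2C3--+ HTTP/1.1" 200 2048 "-" "curl/8.4.0"
10.0.0.9 - admin [21/Dec/2023:10:16:12 +0000] "GET /cacti/link.php?id=1 HTTP/1.1" 200 8192 "-" "curl/8.4.0"
10.0.0.7 - - [21/Dec/2023:10:17:00 +0000] "GET /cacti/link.php?id=2 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Combined-log fields we need; the query string stays attached to 'target'.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Generic SQL-injection markers. Coarse on purpose; tune against your baseline.
SQLI_RE = re.compile(
    r"""['";]|--|/\*|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|\bor\b\s+\d+\s*=\s*\d+""",
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(rec["target"])
    rec["script"] = parts.path.rsplit("/", 1)[-1]   # e.g. "pollers.php"
    rec["query"] = unquote_plus(parts.query)         # decode before matching
    return rec


def looks_like_sqli(query):
    """True if the decoded query string carries common SQL-injection markers."""
    return bool(SQLI_RE.search(query))


def find_chains(log_text, window=timedelta(minutes=10)):
    """Flag suspicious pollers.php requests, and pair each with a later
    link.php request from the same client inside `window` (the include step).
    Returns findings in time order; stage is "sqli" or "include"."""
    recs = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    recs.sort(key=lambda r: r["ts"])
    pending = {}    # client -> most recent suspicious pollers.php record
    findings = []
    for r in recs:
        if r["script"] == "pollers.php" and looks_like_sqli(r["query"]):
            pending[r["client"]] = r
            findings.append({"stage": "sqli", "client": r["client"], "user": r["user"],
                             "ts": r["ts"], "request": r["target"]})
        elif r["script"] == "link.php" and r["client"] in pending:
            prev = pending[r["client"]]
            if r["ts"] - prev["ts"] <= window:
                findings.append({"stage": "include", "client": r["client"], "user": r["user"],
                                 "ts": r["ts"], "request": r["target"],
                                 "sqli_request": prev["target"]})
    return findings


if __name__ == "__main__":
    for f in find_chains(SAMPLE_LOG):
        print(f["ts"].isoformat(), f["stage"], f["client"], f["user"], f["request"])
```

Only the request line is inspected, so injection carried in a POST body is invisible to this check unless the web server or a WAF logs bodies; treat a hit as a lead to pivot into Cacti's own logs and the database, not as proof of compromise. Because exploitation needs an authenticated account, the `user` field of a flagged request identifies which credential to investigate.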

Exploits (1)

Metasploit · working PoC · module rank: excellent
by Aleksey Solovev, Christophe De La Fuente · tags: ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb

Scores

CVSS v3.1 base score 8.0
EPSS 0.8834
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program, 'PHP Remote File Inclusion')
Status published
Products (1)
cacti/cacti 1.2.25
Published Dec 21, 2023
Tracked Since Feb 18, 2026