CVE-2023-49085

HIGH

Cacti < 1.2.25 - Authenticated SQL Injection via pollers.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-49085. PoCs have been published by Aleksey Solovev and Christophe De La Fuente, including the Metasploit module exploits/multi/http/cacti_pollers_sqli_rce.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2023-49084 and CVE-2023-49085 in Cacti versions prior to 1.2.26, combining SQL injection and local file inclusion to achieve remote code execution. It requires authentication and specific user permissions to access the vulnerable `pollers.php` script.

Description

Cacti provides an operational monitoring and fault management framework. In versions 1.2.25 and prior, an authorized user may be able to execute arbitrary SQL code through the `pollers.php` script. The vulnerable component is `pollers.php`. The impact of the vulnerability is arbitrary SQL code execution. As of time of publication, a patch does not appear to exist.

Exploits (1)

metasploit · WORKING POC · EXCELLENT
by Aleksey Solovev, Christophe De La Fuente · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Cacti < 1.2.26
Auth required
Prerequisites: Valid Cacti credentials · User permissions to access `pollers.php` · Network access to the target
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.8463
EPSS Percentile: 99.7%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-89
Status: published
Products (1): cacti/cacti < 1.2.25
Published: Dec 22, 2023
Tracked Since: Feb 18, 2026