CVE-2024-25641

This is a fully automated exploit for CVE-2024-25641, targeting Cacti 1.2.26. It leverages an arbitrary file write vulnerability in the 'Package Import' feature to achieve RCE by uploading a malicious XML file containing PHP code.

This exploit automates the exploitation of CVE-2024-25641 in Cacti by uploading a malicious PHP payload via a crafted gzip file. It leverages a signature bypass vulnerability to achieve remote code execution.

This PoC exploits CVE-2024-25641, an RCE vulnerability in Cacti 1.2.26, by crafting a malicious XML file with a PHP payload, signing it with a generated RSA key, and uploading it via the package import functionality. The exploit then triggers the payload to execute arbitrary commands.

This is a functional PoC for CVE-2024-25641, an authenticated RCE vulnerability in Cacti. It automates authentication, malicious package upload, and triggers a reverse shell via a crafted payload.

This repository contains a functional exploit for CVE-2024-25641, targeting Cacti 1.2.26. It leverages an authenticated arbitrary file write vulnerability in the Package Import feature to achieve Remote Code Execution (RCE).

This repository contains a functional exploit for CVE-2024-25641, an authenticated RCE vulnerability in Cacti 1.2.26. The exploit leverages the 'Package Import' feature to upload a malicious plugin containing a PHP reverse shell, achieving remote code execution.

This is a functional exploit for CVE-2024-25641, targeting an authenticated RCE vulnerability in Cacti 1.2.26. It leverages a file upload mechanism to deploy a PHP reverse shell payload.

This exploit leverages an authenticated RCE vulnerability in Cacti 1.2.26 by uploading a malicious PHP payload via a crafted GZIP file. The payload establishes a reverse shell to the attacker's specified host and port.

This Metasploit module exploits CVE-2024-25641, an arbitrary file write vulnerability in Cacti versions prior to 1.2.27, by uploading a crafted package via the `Import Packages` feature to achieve remote code execution.