Exploitation Summary
EIP tracks 10 public exploits for CVE-2024-25641.
PoCs published by D3Ext, leo-mitch, thisisveryfunny, including Metasploit module exploits/multi/http/cacti_package_import_rce.
AI-analyzed exploit summary: This exploit leverages an authenticated RCE vulnerability in Cacti 1.2.26 by uploading a malicious PHP payload via a crafted GZIP file. The payload establishes a reverse shell to the attacker's specified host and port.
Description
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users who have the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined in the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data and writes those files into the Cacti base path (or even outside it, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.
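The file name check that the description says is missing, as an added example (not Cacti's code and not the 1.2.27 patch): it refuses package file names that are absolute or contain traversal segments and confines writes to allow-listed directories under the base path. The function name, the allow-list values and the sample names are assumptions made for illustration; it addresses the file name only, not the trust placed in file content.

```php
<?php
// Added example, not Cacti code. safe_package_target() and the allow-list are hypothetical.
function safe_package_target(string $base_path, string $name, array $allowed_dirs): ?string
{
    // Reject empty names and NUL bytes, then treat backslashes as separators.
    if ($name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    $name = str_replace('\\', '/', $name);
    // Absolute paths and Windows drive prefixes never belong in a package.
    if ($name[0] === '/' || preg_match('/^[A-Za-z]:/', $name)) {
        return null;
    }
    // Walk the segments by hand: realpath() returns false for files not yet written.
    $parts = [];
    foreach (explode('/', $name) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            return null; // refuse traversal instead of trying to resolve it
        }
        $parts[] = $seg;
    }
    // Require a file inside an allow-listed top-level directory.
    if (count($parts) < 2 || !in_array($parts[0], $allowed_dirs, true)) {
        return null;
    }
    $base = realpath($base_path);
    if ($base === false) {
        return null;
    }
    $target = $base . '/' . implode('/', $parts);
    // If the parent already exists, it must still resolve inside the base (symlink check).
    $parent = realpath(dirname($target));
    if ($parent !== false && strpos($parent . '/', $base . '/') !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample names, checked against a temporary base directory.
$samples = ['resource/script_queries/a.xml', '../../outside/x', '/abs/x.php', 'resource/../include/x.php'];
foreach ($samples as $n) {
    $result = safe_package_target(sys_get_temp_dir(), $n, ['resource', 'scripts']);
    printf("%-32s %s\n", $n, $result ?? 'REJECTED');
}
```

Only the first sample name is accepted; the other three are rejected before any path is built.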
Exploits (10)
This exploit leverages an authenticated RCE vulnerability in Cacti 1.2.26 by uploading a malicious PHP payload via a crafted GZIP file. The payload establishes a reverse shell to the attacker's specified host and port.
This repository contains a functional exploit for CVE-2024-25641, an arbitrary file write vulnerability in Cacti 1.2.26. The exploit automates the process of generating a malicious XML file, uploading it via the 'Package Import' feature, and achieving remote code execution (RCE) by writing a PHP script to the server.
This is a fully automated exploit for CVE-2024-25641, targeting Cacti 1.2.26. It leverages an arbitrary file write vulnerability in the 'Package Import' feature to achieve RCE by uploading a malicious XML file containing PHP code.
This exploit automates the exploitation of CVE-2024-25641 in Cacti by uploading a malicious PHP payload via a crafted gzip file. It leverages a signature bypass vulnerability to achieve remote code execution.
This PoC exploits CVE-2024-25641, an RCE vulnerability in Cacti 1.2.26, by crafting a malicious XML file with a PHP payload, signing it with a generated RSA key, and uploading it via the package import functionality. The exploit then triggers the payload to execute arbitrary commands.
This is a functional PoC for CVE-2024-25641, an authenticated RCE vulnerability in Cacti. It automates authentication, malicious package upload, and triggers a reverse shell via a crafted payload.
This repository contains a functional exploit for CVE-2024-25641, targeting Cacti 1.2.26. It leverages an authenticated arbitrary file write vulnerability in the Package Import feature to achieve Remote Code Execution (RCE).
This repository contains a functional exploit for CVE-2024-25641, an authenticated RCE vulnerability in Cacti 1.2.26. The exploit leverages the 'Package Import' feature to upload a malicious plugin containing a PHP reverse shell, achieving remote code execution.
This is a functional exploit for CVE-2024-25641, targeting an authenticated RCE vulnerability in Cacti 1.2.26. It leverages a file upload mechanism to deploy a PHP reverse shell payload.
This Metasploit module exploits CVE-2024-25641, an arbitrary file write vulnerability in Cacti versions prior to 1.2.27, by uploading a crafted package via the `Import Packages` feature to achieve remote code execution.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H