bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/12339.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

26 lines
No EOL
1.2 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cacti is prone to a remote command execution vulnerability because the
software fails to adequately sanitize user-suplied input.
Successful attacks can compromise the affected software and possibly
the operating system running Cacti.
The vulnerability can be triggered by any user doing:
1)
Edit or Create a Device with FQDN NotARealIPAddress;CMD; (without
single quotes) and Save it.
Edit the Device again and reload any data query already created.
CMD will be executed with Web Server rights.
2)
Edit or Create a Graph Template and use as Vertical Label
BonsaiSecLabel";CMD; " (without single quotes) and Save it.
Go to Graph Management section and Select it.
CMD will be executed with Web Server rights.
Note that other properties of a Graph Template might also be affected.
===========================================================================
Download:
===========================================================================
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12339.pdf (Bonsai-OS_Command_Injection_in_Cacti.pdf)
<Bonsai Information Security Advisories>
http://www.bonsai-sec.com/en/research/vulnerability.php
Reference in a new issue View git blame Copy permalink