Vendor: Cacti
By: Askar
CVSS: 8.8 (HIGH)
Remote Code Execution
CWE: 78
Product Name: Cacti
Affected Version From: v1.2.8
Affected Version To: v1.2.8
Patch Exists: YES
Related CVE: CVE-2020-8813
CPE: a:cacti:cacti:1.2.8
Metasploit:
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2020-8813/
https://www.rapid7.com/db/vulnerabilities/debian-cve-2020-8813/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2020-8813/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2020-8813/
https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-8813/
https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2019-8813/
https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2019-8813/
Other Scripts: N/A
Platforms Tested: CentOS 7.3 / PHP 7.1.33
2020
Cacti v1.2.8 Unauthenticated Remote Code Execution
Cacti v1.2.8 is vulnerable to unauthenticated remote code execution. An attacker can send a malicious request to the graph_realtime.php file that carries a payload and causes arbitrary code to execute on the server. The payload is sent as a cookie named 'Cacti', whose value is the malicious command encoded with the quote() function.
Mitigation:
Upgrade to the latest version of Cacti.
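A detection sketch for the request pattern described above, added here as an example and not taken from the original entry or the Cacti project. It assumes a hypothetical access-log layout that records the Cookie header in a `cookie="..."` field, and assumes a legitimate 'Cacti' cookie is a PHP session ID made only of letters, digits, commas and hyphens; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate 'Cacti' cookie is a PHP session ID, which only
# uses these characters. Anything else after percent-decoding is anomalous.
SESSION_ID = re.compile(r"[A-Za-z0-9,-]+")
TARGET_SCRIPT = "graph_realtime.php"  # file named in the advisory

# Hypothetical log layout: request line, status, size, then cookie="<header>"
LOG_LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" \d{3} .*?cookie="(?P<cookie>[^"]*)"'
)

def cacti_cookie(header):
    """Return the raw value of the 'Cacti' cookie, or None if absent."""
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "Cacti":
            return value
    return None

def is_suspicious(line):
    """True when a graph_realtime.php request carries a non-session-ID cookie."""
    m = LOG_LINE.search(line)
    if not m:
        return False
    path = m["path"].split("?", 1)[0]
    if not path.endswith(TARGET_SCRIPT):
        return False
    value = cacti_cookie(m["cookie"])
    if value is None:
        return False
    # The advisory says the value is quote()-encoded, so decode before checking.
    return SESSION_ID.fullmatch(unquote(value)) is None

def flag_lines(lines):
    """Return the subset of log lines that match the advisory's pattern."""
    return [ln for ln in lines if is_suspicious(ln)]

# Constructed sample log lines (documentation IP range, placeholder cookie values).
SAMPLE = [
    '203.0.113.5 - - [01/Mar/2020:10:00:00 +0000] "GET /cacti/graph_realtime.php?action=init HTTP/1.1" 200 512 cookie="Cacti=x%3BPLACEHOLDER%20COMMAND"',
    '203.0.113.9 - - [01/Mar/2020:10:00:05 +0000] "GET /cacti/graph_realtime.php?action=init HTTP/1.1" 200 498 cookie="Cacti=4f2a9c0b7d1e; other=1"',
    '203.0.113.5 - - [01/Mar/2020:10:00:09 +0000] "GET /cacti/index.php HTTP/1.1" 200 2048 cookie="Cacti=x%3BPLACEHOLDER"',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE):
        print("ALERT:", hit)
```

Standard access-log formats do not record cookies, so this check only works where the Cookie header is logged explicitly or the same rule is applied at a proxy or WAF.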