The Cacti version 1.2.26 is vulnerable to authenticated remote code execution. An attacker can exploit this vulnerability to execute arbitrary code on the target system. This vulnerability is identified as CVE-2024-25641.
Under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server.
In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server.
Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Cacti is vulnerable to Remote Command Execution (RCE) due to improper input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary commands on the server.
This exploit open a remote shell on the targets that uses Cacti. TARGET HOST MUST BE A GNU/LINUX SERVER, if not manual exploiting can be done by accessing http://www.example.com/cacti/graph_image.php?local_graph_id=[valid_value]&graph_start=%0a[command]%0a
Cacti is prone to multiple unspecified input-validation vulnerabilities, including multiple cross-site scripting vulnerabilities, multiple SQL-injection vulnerabilities, and an HTTP response-splitting vulnerability. Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user.
Cacti is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Examples of vulnerable URLs include: http://www.example.com/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27, http://www.example.com/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E, http://www.example.com/graph.php?action=properties&local_graph_id=201&rra_id=0&view_type=tree&graph_start=%3C/pre%3E%3Cscript%3Ealert(4)%3C/script%3E%3Cpre%3E
Cacti is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
A HTTP GET request against the URL http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27 and a HTTP POST request against http://CACTIHOST/graph_view.php?action=tree&tree_id=1&leaf_id=7&select_first=true with an 'application/x-www-form-urlencoded' content type HTTP body part containing date1=%27%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3Cx+y%3D%27' can be used to exploit the Cross Site Scripting vulnerability in Cacti 0.8.7e and earlier versions.
Services By CQR