vendor:
Cacti
by:
Askar
8.8
CVSS
HIGH
Remote Code Execution
78
CWE
Product Name: Cacti
Affected Version From: v1.2.8
Affected Version To: v1.2.8
Patch Exists: YES
Related CWE: CVE-2020-8813
CPE: a:cacti:cacti:1.2.8
Metasploit:
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2020-8813/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2020-8813/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2020-8813/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2020-8813/, https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2020-8813/, https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2019-8813/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2019-8813/
Other Scripts:
N/A
Platforms Tested: CentOS 7.3 / PHP 7.1.33
2020
Cacti v1.2.8 Remote Code Execution
A remote code execution vulnerability exists in Cacti v1.2.8 due to insufficient sanitization of user-supplied input. An unauthenticated attacker can exploit this vulnerability by sending a malicious payload to the vulnerable server to execute arbitrary code.
Mitigation:
Upgrade to the latest version of Cacti v1.2.9 or later.
