Exploit for #VU90703 Code Injection in Cacti

Published: 2024-06-13 | Updated: 2024-08-30

Vulnerability identifier: #VU90703

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2024-25641

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 5

August 30, 2024
- CVE-2024-25641 [Github]
- CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26 [Github]
- CVE-2024-25641-CACTI-RCE-1.2.26 [Github]
- CVE-2024-25641 (PoC for CVE-2024-25641 Authenticated RCE on Cacti v1.2.26) [Github]
June 13, 2024
- Cacti Import Packages RCE [Metasploit]

Impact: Code execution

Vulnerable software:
Cacti
Web applications / Other software

Vendor: The Cacti Group, Inc.