module
Cacti Import Packages RCE
| Disclosed |
|---|
| May 12, 2024 |
Disclosed
May 12, 2024
Description
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the `Import Packages` feature to upload a specially crafted
package that embeds a PHP file. Cacti will extract this file to an
accessible location. The module finally triggers the payload to execute
arbitrary PHP code in the context of the user running the web server.
Authentication is needed and the account must have access to the
`Import Packages` feature. This is granted by setting the `Import
Templates` permission in the `Template Editor` section.
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the `Import Packages` feature to upload a specially crafted
package that embeds a PHP file. Cacti will extract this file to an
accessible location. The module finally triggers the payload to execute
arbitrary PHP code in the context of the user running the web server.
Authentication is needed and the account must have access to the
`Import Packages` feature. This is granted by setting the `Import
Templates` permission in the `Template Editor` section.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.