module
Cacti color filter authenticated SQLi to RCE
| Disclosed |
|---|
| Jun 17, 2020 |
Disclosed
Jun 17, 2020
Description
This module exploits a SQL injection vulnerability in Cacti 1.2.12 and before. An admin can exploit the filter
variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the
path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload.
After calling the payload, the value is reset.
variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the
path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload.
After calling the payload, the value is reset.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.