Skip to content
This repository has been archived by the owner on Dec 6, 2023. It is now read-only.
/ CVE-2022-46169 Public archive

PoC for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22

License

Notifications You must be signed in to change notification settings

sAsPeCt488/CVE-2022-46169

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2022-46169

This repository contains a Proof of Concept (PoC) for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22 by chaining an Authentication Bypass and a Command Injection, described by Sonar in this blog post. The same vulnerabilities were also discovered by: Steven Seeley (mr_me) of Source Incite.

Usage:

positional arguments:
  target                URL of the Cacti application.

optional arguments:
  -f FILE               File containing the command
  -c CMD                Command
  --n_host_ids          The range of host_ids to try (0 - n)
  --n_local_data_ids    The range of local_data_ids to try (0 - n)

About

PoC for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22

Topics

Resources

License

Stars

Watchers

Forks

Languages