Lucene search

CVE-2022-46169

🗓️ 05 Dec 2022 21:10:15Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 21 Media mentions👁 609 Views🌐 WEB

Cacti use allowing unauthorized command execution via `remote_agent.php`

Reporter	Title	Published	Views	Family All 94
CNVD	Command Execution Vulnerability in Cacti	22 Feb 202300:00	–	cnvd
UbuntuCve	CVE-2022-46169	5 Dec 202200:00	–	ubuntucve
GithubExploit	Exploit for OS Command Injection in Cacti	1 May 202314:29	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Cacti	15 Jan 202322:46	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Cacti	4 Sep 202423:13	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Cacti	5 Jan 202316:56	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Cacti	1 May 202314:29	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Cacti	1 Apr 202322:37	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Cacti	2 Jan 202318:03	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Cacti	2 Feb 202318:21	–	githubexploit

Nvd

Vulners

Vulnrichment

Node

cacti cactiRange<1.2.23

[
  {
    "vendor": "Cacti",
    "product": "cacti",
    "versions": [
      {
        "version": "< 1.2.23",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
github	www.github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
github	www.github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
github	www.github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216

Parameter	Position	Path	Description	CWE
action	query param	/remote_agent.php	Command injection vulnerability in Cacti allows unauthenticated remote code execution via crafted HTTP requests to the remote_agent.php endpoint.	CWE-78, CWE-74, CWE-863
local_data_ids[]	query param	/remote_agent.php	Command injection vulnerability in Cacti allows unauthenticated remote code execution via crafted HTTP requests to the remote_agent.php endpoint.	CWE-78, CWE-74, CWE-863
host_id	query param	/remote_agent.php	Command injection vulnerability in Cacti allows unauthenticated remote code execution via crafted HTTP requests to the remote_agent.php endpoint.	CWE-78, CWE-74, CWE-863
poller_id	query param	/remote_agent.php	Command injection vulnerability in Cacti allows unauthenticated remote code execution via crafted HTTP requests to the remote_agent.php endpoint.	CWE-78, CWE-74, CWE-863

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Dec 2022 21:15Current

10High risk

Vulners AI Score10

CVSS39.8

EPSS0.96253

cacti open source command injection remote code execution vulnerability patch authorization bypass security advisory nvd cve-2022-46169