A command injection vulnerability exists on the Cacti server that allows an unauthenticated user to execute arbitrary code. The vulnerability resides in the remote_agent.php file. This file can be accessed without authentication.
Binary data cacti_cmd_injection_CVE-2022-46169.nbin