PT-2024-7358 · Cacti +1 · Cacti +1

🗓️ 07 Oct 2024 00:00:00Reported by Positive TechnologiesType

Cacti versions before 1.2.28 expose stored cross site scripting via links.php fileurl when saving external links.

Reporter	Title	Published	Views	Family All 1342
GithubExploit	Exploit for SQL Injection in Dolibarr	3 Apr 202610:02	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Cacti	1 May 202314:29	–	githubexploit
GithubExploit	Exploit for CVE-2024-47875	2 Sep 202514:50	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Cacti	1 Apr 202319:20	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Cacti	29 Aug 202406:27	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Cacti	21 May 202306:43	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Cacti	1 May 202314:29	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Cacti	11 Mar 202319:39	–	githubexploit
GithubExploit	Exploit for Incorrect Authorization in Cacti	13 Jan 202305:37	–	githubexploit
GithubExploit	MonitorsFour-Write-UP	26 May 202611:00	–	githubexploit

Source	Link
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cacti_package_import_rce.rb
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb
github	www.github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/cacti_pollers_sqli_rce.rb
github	www.github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
github	www.github.com/mhaskar/CVE-2020-8813
github	www.github.com/0xf4n9x/CVE-2022-46169
github	www.github.com/FredBrave/CVE-2022-46169-CACTI-1.2.22
github	www.github.com/sAsPeCt488/CVE-2022-46169
github	www.github.com/ariyaadinatha/cacti-cve-2022-46169-exploit
github	www.github.com/c3rrberu5/CVE-2022-46169

11 Feb 2025 00:00Current

6.2Medium risk

Vulners AI Score6.2

CVSS 28.5 - 9.3

CVSS 3.19.8 - 10

CVSS 48.7

EPSS0.94469

SSVC