漏洞描述
Cacti 存在 Reports Creation 匿名账户远程命令执行漏洞,影响版本为:version <= 1.2.24,利用条件为启用匿名访问、且匿名账户具备 ReportsCreation 权限
Cacti Reports Creation 匿名账户远程命令执行漏洞
PoC代码
暂无相关漏洞推荐
- POC aem-anonymous-write: Adobe Experience Manager (AEM) - Anonymous JCR Node Creation
- POC unifi-create-user: UniFi - Unauthenticated Creation Access For Users
- POC CVE-2012-3153: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
- POC CVE-2018-18809: TIBCO JasperReports Library - Directory Traversal
- POC CVE-2019-12583: Zyxel ZyWall UAG/USG - Account Creation Access
- POC CVE-2019-9879: WPGraphQL 0.2.3 - User Creation
- POC CVE-2020-8813: Cacti v1.2.8 - Remote Code Execution
- POC CVE-2021-26247: Cacti - Cross-Site Scripting
- POC CVE-2021-27358: Grafana Unauthenticated Snapshot Creation
- POC CVE-2021-34621: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
- POC CVE-2021-46418: Telesquare TLR-2855KS6 - Arbitrary File Creation
- POC CVE-2022-25369: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
- POC CVE-2022-46169: Cacti <=1.2.22 - Remote Command Injection