what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Cacti 1.2.26 Remote Code Execution

Cacti 1.2.26 Remote Code Execution
Posted May 15, 2024
Authored by EgiX | Site karmainsecurity.com

Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.

tags | exploit, remote, php, code execution
advisories | CVE-2024-25641
SHA-256 | 86b50d4574919755d30f44ebc0972085ad39e9820171813614fe42cf0df9f937

Cacti 1.2.26 Remote Code Execution

Change Mirror Download
----------------------------------------------------------------
Cacti <= 1.2.26 (import.php) Remote Code Execution Vulnerability
----------------------------------------------------------------


[-] Software Link:

https://cacti.net


[-] Affected Versions:

Version 1.2.26 and prior versions.


[-] Vulnerability Description:

The vulnerability is located within the "import_package()" function
defined into the /lib/import.php script. This function blindly trusts
the filename and file content provided within the uploaded XML data,
and writes such files into the Cacti base path (or even outside, since
Path Traversal sequences are not filtered). This can be exploited to
write or overwrite arbitrary files on the web server, leading to
execution of arbitrary PHP code or other security impacts.

Successful exploitation of this vulnerability requires an user account
having the "Import Templates" permission.


[-] Solution:

Upgrade to version 1.2.27 or later.


[-] Disclosure Timeline:

[17/01/2024] - Vendor notified through GitHub
[12/05/2024] - Version 1.2.27 released
[13/05/2024] - Publication of this advisory


[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2024-25641 to this vulnerability.


[-] Credits:

Vulnerability discovered by Egidio Romano.


[-] Other References:

https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88


[-] Original Advisory:

https://karmainsecurity.com/KIS-2024-04

Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close