This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user.
e63c1aedc4dd728df608137b19687c9e69ec0ae051a555280b58f4cc45f05eb6