CVE-2020-14295

Related Files

Cacti 1.2.12 SQL Injection / Remote Command Execution

Posted Jun 2, 2021

Authored by h00die, Leonardo Paiva, Mayfly277 | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload. After calling the payload, the value is reset.

tags | exploit, arbitrary, php, sql injection

advisories | CVE-2020-14295

SHA-256 | 636d9fd6c79efe80bdd9f0da7f4060e559ca7cd87b6b1526a2a11e1ac747f750

Download | Favorite | View

Cacti 1.2.12 SQL Injection / Remote Code Execution

Posted Apr 29, 2021

Authored by M4yFly, Leonardo Paiva

Cacti version 1.2.12 remote code execution exploit that leverages a remote SQL vulnerability.

tags | exploit, remote, code execution, sql injection

advisories | CVE-2020-14295

SHA-256 | 5599594befaf80c893938a8659f1ac8a0b62ce19e5b98e608838251275c379bd

Download | Favorite | View

Gentoo Linux Security Advisory 202007-03

Posted Jul 27, 2020

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-3 - Multiple vulnerabilities have been found in Cacti, the worst of which could result in the arbitrary execution of code. Versions less than 1.2.13 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2020-11022, CVE-2020-11023, CVE-2020-14295

SHA-256 | b91c68deb806affd52aaef7ec8de220f22efb4b1fd563f5e4c88378a9d9c35b7

Download | Favorite | View