CVE-2020-8813
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
Affected products
n/a · n/a
Public PoCs found: 10
github · github.com/mhaskar/CVE-2020-8813 · ★ 67
github · github.com/p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime · ★ 7
github · github.com/hexcowboy/CVE-2020-8813 · ★ 1
github · github.com/0xm4ud/Cacti-CVE-2020-8813 · ★ 1
exploitdb · www.exploit-db.com/exploits/48144 · unverified
cve_reference · packetstormsecurity.com/files/156537/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/48145 · unverified
cve_reference · packetstormsecurity.com/files/156538/Cacti-1.2.8-Authenticated-Remote-Code-Execution.html · unverified
cve_reference · packetstormsecurity.com/files/156593/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html · unverified
cve_reference · packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html · unverified
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
http://packetstormsecurity.com/files/156537/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156538/Cacti-1.2.8-Authenticated-Remote-Code-Execution.html
http://packetstormsecurity.com/files/156593/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html
http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html
https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view
https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
https://github.com/Cacti/cacti/issues/3285
https://github.com/Cacti/cacti/releases
https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M77SS33IDVNGBU566TK2XVULPW3RXUQ4/