Full title: Cacti pollers.php SQL Injection / Remote Code Execution Exploit 
Category: web applications
Platform: php
This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.

# 0day.today @ http://0day.today/