[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Cacti Import Packages Remote Code Execution Exploit

[ 0Day-ID-39651 ]
Full title
Cacti Import Packages Remote Code Execution Exploit [ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.

Price: 10
Date add
Category
Platform
Verified
Price
free
Risk
[
Security Risk Critical
]
Rel. releases
Description
This exploit module leverages an arbitrary file write vulnerability in Cacti versions prior to 1.2.27 to achieve remote code execution. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The module finally triggers the payload to execute arbitrary PHP code in the context of the user running the web server. Authentication is needed and the account must have access to the Import Packages feature. This is granted by setting the Import Templates permission in the Template Editor section.
CVE
CVE-2024-25641
Other Information
Abuses
0
Comments
0
Views
4 230
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!
free
Open Exploit
You can open this source code for free
Open Exploit
Open Exploit
You can open this source code for free
Verified by 0day Admin
Verified by 0day Admin
This material is checked by Administration and absolutely workable.
Author
BL
29
Exploits
1671
Readers
57
[ Comments: 0 ]
Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.

Login or register to leave comments