Cacti 0.8.7e - OS Command Injection

EDB-ID:

12339

CVE:

N/A


Platform:

PHP

Published:

2010-04-22

CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cacti is prone to a remote command execution vulnerability because the
software fails to adequately sanitize user-suplied input.
Successful attacks can compromise the affected software and possibly
the operating system running Cacti.
The vulnerability can be triggered by any user doing:
1)
Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ (without
single quotes) and Save it.
Edit the Device again and reload any data query already created.
CMD will be executed with Web Server rights.
2)
Edit or Create a Graph Template and use as Vertical Label
‘BonsaiSecLabel";CMD; "’ (without single quotes) and Save it.
Go to Graph Management section and Select it.
CMD will be executed with Web Server rights.
Note that other properties of a Graph Template might also be affected.

===========================================================================
Download:
===========================================================================
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/12339.pdf (Bonsai-OS_Command_Injection_in_Cacti.pdf)


<Bonsai Information Security Advisories>
http://www.bonsai-sec.com/en/research/vulnerability.php