This repository contains a Proof of Concept (PoC) for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22 by chaining an Authentication Bypass and a Command Injection, described by Sonar [in this blog post](https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/). The same vulnerabilities were also discovered by: Steven Seeley (mr_me) of Source Incite.
target URL of the Cacti application.
-f FILE File containing the command
-c CMD Command
--n_host_ids The range of host_ids to try (0 - n)
--n_local_data_ids The range of local_data_ids to try (0 - n)