Share
## https://sploitus.com/exploit?id=40F7AD67-2EC5-598A-832B-DD52290F7635
# CVE-2022-46169

This repository contains a Proof of Concept for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22 by chaining an Authentication Bypass and a Command Injection, described by Sonar [in this blog post](https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/). The same vulnerabilities were also discovered by: Steven Seeley (mr_me) of Source Incite.

## Usage:

```
positional arguments:
  target                URL of the Cacti application.

optional arguments:
  -f FILE               File containing the command
  -c CMD                Command
  --n_host_ids          The range of host_ids to try (0 - n)
  --n_local_data_ids    The range of local_data_ids to try (0 - n)
```


![](poc.gif)