Exploit for Command Injection in Cacti CVE-2022-46169

Name: Exploit for Command Injection in Cacti CVE-2022-46169
Rating: 5 (101 reviews)

2023-01-13 | CVSS 1.4

## https://sploitus.com/exploit?id=CFFE9443-6CBC-5BD1-8592-316791169D58
# CVE-2022-46169 Exploit
Exploit to CVE-2022-46169 vulnerability on Cacti 1.2.19


[Options]

```
-u --url victim's url

-f --forwarded X-Forwarded value to bypass the auth

-m --mode: check for Checking for Vulnerable Servers, or exploit for Fun exploitation mode :D
```
[Usage]

```
1. $> ./cve_2022_46169.py -u http://10.10.10.10/cacti -f 10.10.10.10 -m exploit
2. $> ./cve_2022_46169.py -u http://10.10.10.10/cacti -f 127.0.0.1 -m check
```
[References]

https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/

![image](https://user-images.githubusercontent.com/109983457/212446392-27280172-2fb7-4416-936f-3340b26087e0.png)