CVSSv2 Score: 9 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cacti is prone to a remote command execution vulnerability because the
software fails to adequately sanitize user-suplied input.
Successful attacks can compromise the affected software and possibly
the operating system running Cacti.
The vulnerability can be triggered by any user doing:
1)
Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ (without
single quotes) and Save it.
Edit the Device again and reload any data query already created.
CMD will be executed with Web Server rights.
2)
Edit or Create a Graph Template and use as Vertical Label
‘BonsaiSecLabel";CMD; "’ (without single quotes) and Save it.
Go to Graph Management section and Select it.
CMD will be executed with Web Server rights.
Note that other properties of a Graph Template might also be affected.
===========================================================================
Download:
===========================================================================
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12339.pdf (Bonsai-OS_Command_Injection_in_Cacti.pdf)
<Bonsai Information Security Advisories>
http://www.bonsai-sec.com/en/research/vulnerability.php