.. / CVE-2020-8813

Exploit for Cacti v1.2.8 - Remote Code Execution (CVE-2020-8813)

Description:

Cacti v1.2.8 is susceptible to remote code execution. This vulnerability could be exploited without authentication if “Guest Realtime Graphs” privileges are enabled.

Nuclei Template

View the template here CVE-2020-8813.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-8813.yaml

References:

https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
https://nvd.nist.gov/vuln/detail/CVE-2020-8813
https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view
https://github.com/Cacti/cacti/releases

.. / CVE-2020-8813 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Cacti v1.2.8 - Remote Code Execution (CVE-2020-8813)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-8813