Delete CVE-2022-46169.yaml

cves/2022/CVE-2022-46169.yaml

@@ -1,45 +0,0 @@
-id: CVE-2022-46169
-
-info:
-  name:  Remote command execution in Cacti <= 1.2.22 - Unauthenticated Command Injection
-  author: Hardik-Solanki
-  severity: Critical
-  shodan query: title:"Login to Cacti"
-  description: |
-     The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request  to the affected instance and execute arbitrary OS commands on the server.
-  reference:
-    - https://security-tracker.debian.org/tracker/CVE-2022-46169
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-46169
-    - https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
-	- https://www.cybersecurity-help.cz/vdb/SB2022121926
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 9.8
-    cve-id: CVE-2022-46169
-	cwe-id: CWE-285
-	
-  metadata:
-    verified: true
-  tags: cve,cve2022,bypass,brute-force,unauth
-
-requests:
-  - raw:
-      - |
-        GET /cacti/remote_agent.php?action=polldata&poller_id=1&host_id=1&local_data_ids[]=1 HTTP/1.1
-        Host: {{Hostname}}
-		X-Forwarded-For: 127.0.0.1
-	
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "[]"
-		  - "rrd_name"
-		  - "value"
-		  - "local_data_id"
-		condition: or
-
-      - type: status
-        status:
-          - 200