cacti

Interesting Paths

# version
/CHANGELOG

# config file
/usr/share/cacti/cacti/include/config.php
/usr/share/cacti/cacti/include/config.php.dist

Default Credentials

admin:admin

RCE (unauthenticated)

v1.2.8

https://github.com/mhaskar/CVE-2020-8813
https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/

# if doesnt work try modified one

cacti v1.2.8 unauthenticated RCE

RCE (authenticated)

v1.2.12

https://www.exploit-db.com/exploits/49810
https://github.com/0z09e/CVE-2020-14295

Previousbooked scheduler Nextcentreon

Last updated 3 years ago