
Description

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.
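The CWE-78 pattern this description refers to, shown as an added illustration written for this page rather than code taken from Cacti: a request parameter concatenated straight into the shell command that renders a graph, beside a hardened form that validates the value against the only shape it may take and quotes every argument. The function names, the rrdtool command line and the sample requests are assumptions, not details from the advisory.

```php
<?php
// Added illustration of the CWE-78 pattern, not Cacti's actual code.
// Function names, the rrdtool invocation and the sample requests are assumptions.

// Vulnerable pattern: the GET parameter is interpolated into a command string
// that is later handed to the shell, so shell metacharacters in it are honoured.
function build_graph_command_vulnerable(array $get): string
{
    $start = $get['graph_start'] ?? '-86400';
    return 'rrdtool graph /tmp/graph.png --start ' . $start
        . ' DEF:a=/tmp/x.rrd:v:AVERAGE LINE1:a#ff0000';
}

// Hardened pattern, step 1: accept only a signed integer (a relative offset or
// an epoch timestamp) and fail closed on anything else.
function validate_graph_start(string $raw): int
{
    if (!preg_match('/^-?\d{1,12}$/', $raw)) {
        throw new InvalidArgumentException('graph_start must be an integer');
    }
    return (int) $raw;
}

// Hardened pattern, step 2: build the command as a list of arguments and quote
// each one with escapeshellarg(), even the value that already passed validation.
function build_graph_command_hardened(array $get): string
{
    $start = validate_graph_start((string) ($get['graph_start'] ?? '-86400'));
    $argv = [
        'rrdtool', 'graph', '/tmp/graph.png',
        '--start', (string) $start,
        'DEF:a=/tmp/x.rrd:v:AVERAGE', 'LINE1:a#ff0000',
    ];
    return implode(' ', array_map('escapeshellarg', $argv));
}

// Constructed sample requests (assumptions): one benign, one carrying a shell
// metacharacter so that a second command would follow the rrdtool invocation.
$benign  = ['graph_start' => '-86400'];
$hostile = ['graph_start' => '-86400;id'];

// The vulnerable builder passes the metacharacter through untouched.
echo build_graph_command_vulnerable($hostile), PHP_EOL;

// The hardened builder rejects the hostile value and quotes the benign one.
try {
    echo build_graph_command_hardened($hostile), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo build_graph_command_hardened($benign), PHP_EOL;
```

The two steps are deliberately independent: the allow-list regex is the real control, and escapeshellarg() is defence in depth in case a later change relaxes the validation. On PHP 7.4 and later, passing the argument array directly to proc_open() avoids the shell altogether, which removes the need to quote at all.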

PUBLISHED | Reserved 2025-08-28 | Published 2025-08-30 | Updated 2025-09-02 | Assigner VulnCheck

HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status: unaffected

Affected: versions before 0.8.6-d

Credits

David Maciejak (finder)

References

raw.githubusercontent.com/...webapp/cacti_graphimage_exec.rb (exploit)

www.exploit-db.com/exploits/9911 (exploit)

www.exploit-db.com/exploits/16881 (exploit)

www.cacti.net/info/downloads (product)

web.archive.org/.../http://www.cacti.net/cactid_download.php (product, patch)

www.vulncheck.com/advisories/cacti-graph-view-rce (third-party advisory)

cve.org (CVE-2005-10004)

nvd.nist.gov (CVE-2005-10004)
