Main Vulnerability Database Exploits ID:2632 - Exploit for OS Command Injection in Cacti - CVE-2009-4112

ID:2632 - Exploit for OS Command Injection in Cacti - CVE-2009-4112

Published: May 7, 2020

Vulnerability identifier: #VU27394

Vulnerability risk: Low

CVE-ID: CVE-2009-4112

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
Cacti

Link to public exploit:

https://www.exploit-db.com/exploits/33377/

Vulnerability description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to the application allows authenticated administrators to update the "Data Input Method" for the "Linux - Get Memory Usage" setting and insert arbitrary system command. A remote authenticated administrator can execute arbitrary OS commands on the system.

Remediation

Install updates from vendor's website.

ID:2632 - Exploit for OS Command Injection in Cacti - CVE-2009-4112

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human