What is CVE-2020-8813?

CVE-2020-8813 is a vulnerability in N/a. Published 2020-02-22.

Is CVE-2020-8813 known to be exploited?

43 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-8813

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

mhaskar/CVE-2020-8813
p0dalirius/CVE-2020-8813-Cacti-RCE-in-graph_realtime
hexcowboy/CVE-2020-8813
0xm4ud/Cacti-CVE-2020-8813
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
CnHack3r/Penetration_
Coldplay1517/Middleware-Vulnerability-detection-master
EchoGin404/-
EchoGin404/gongkaishouji

References

gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view
github.com/Cacti/cacti/releases
shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
github.com/Cacti/cacti/issues/3285
packetstormsecurity.com/files/156538/Cacti-1.2.8-Authenticated-Remote-Code-Exec…
packetstormsecurity.com/files/156537/Cacti-1.2.8-Unauthenticated-Remote-Code-Ex…
packetstormsecurity.com/files/156593/Cacti-1.2.8-Unauthenticated-Remote-Code-Ex…
FEDORA-2020-552e4e7879 (vendor-advisory)
FEDORA-2020-10fe60d68b (vendor-advisory)

Frequently asked questions

What is CVE-2020-8813?: CVE-2020-8813 is a vulnerability in N/a. Published 2020-02-22.
Is CVE-2020-8813 known to be exploited?: 43 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.