Raxnet Cacti Command Execution Vulnerability

Raxnet Cacti Command Execution Vulnerability

Raxnet Cacti is a frontend for rrdtool, a round robin database for monitoring network activity. It stores information to create graphs and populate them with information from a MySQL database.

Cacti does not properly validate input into fields that should only contain text. If a command is entered into a label field on a graph, Cacti will execute the command on the underlying system.

It has been reported that the attacker must have administrative access to Cacti to exploit this issue.