Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-xbb2-av4z-m3dp
Vulnerability ID VCID-xbb2-av4z-m3dp
Aliases CVE-2022-46169
Summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
System Score Found at
epss 0.94469 https://api.first.org/data/v1/epss?cve=CVE-2022-46169
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
ssvc Attend https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
cvssv3.1 9.8 https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
ssvc Attend https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
cvssv3.1 9.8 https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
ssvc Attend https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
cvssv3.1 9.8 https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
ssvc Attend https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-46169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1025648 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025648
7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216 https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9 https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
CVE-2022-46169 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/51166.py
GHSA-6p93-p743-35gf https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
GLSA-202412-02 https://security.gentoo.org/glsa/202412-02
USN-7226-1 https://usn.ubuntu.com/7226-1/
Data source Exploit-DB
Date added March 31, 2023
Description Cacti v1.2.22 - Remote Command Execution (RCE)
Ransomware campaign use Unknown
Source publication date March 31, 2023
Exploit type webapps
Platform php
Source update date March 31, 2023
Data source KEV
Date added Feb. 16, 2023
Description Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.
Required action Apply updates per vendor instructions.
Due date March 9, 2023
Note 
https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf;  https://nvd.nist.gov/vuln/detail/CVE-2022-46169
Ransomware campaign use Unknown
Data source Metasploit
Description This module exploits an unauthenticated command injection vulnerability in Cacti through 1.2.22 (CVE-2022-46169) in order to achieve unauthenticated remote code execution as the www-data user. The module first attempts to obtain the Cacti version to see if the target is affected. If LOCAL_DATA_ID and/or HOST_ID are not set, the module will try to bruteforce the missing value(s). If a valid combination is found, the module will use these to attempt exploitation. If LOCAL_DATA_ID and/or HOST_ID are both set, the module will immediately attempt exploitation. During exploitation, the module sends a GET request to /remote_agent.php with the action parameter set to polldata and the X-Forwarded-For header set to the provided value for X_FORWARDED_FOR_IP (by default 127.0.0.1). In addition, the poller_id parameter is set to the payload and the host_id and local_data_id parameters are set to the bruteforced or provided values. If X_FORWARDED_FOR_IP is set to an address that is resolvable to a hostname in the poller table, and the local_data_id and host_id values are vulnerable, the payload set for poller_id will be executed by the target. This module has been successfully tested against Cacti version 1.2.22 running on Ubuntu 21.10 (vulhub docker image)
Note 
Stability:
  - crash-safe
SideEffects:
  - artifacts-on-disk
  - ioc-in-logs
Reliability:
  - repeatable-session
Ransomware campaign use Unknown
Source publication date Dec. 5, 2022
Platform Linux,Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/ Found at https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/ Found at https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/ Found at https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-05-13T17:39:57Z/ Found at https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Exploit Prediction Scoring System (EPSS)
Percentile 0.99998
EPSS Score 0.94469
Published At April 13, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:04:43.446898+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202412-02 38.0.0