CVE-2014-4644
Published 2014-06-25
Priority P347 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.32% (67.2th percentile)
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | superlinks | — | — |
No detection rules found.
Exploit-DB
Cacti Superlinks Plugin 1.4-2 - SQL Injection / Local File Inclusion
exploitdb·2014-12-19·CVSS 7.5
---
#!/bin/sh
##############
# Exploit Title: Cacti - Superlinks Plugin 1.4-2 RCE(LFI) via SQL Injection
# Date: 19/12/2014
# Exploit Author: Wireghoul
# Software Link: http://docs.cacti.net/plugin:superlinks
# Identifiers: CVE-2014-4644, EDB-ID-33809
# Exploit explanation through inline comments
# Patch provided at the end
#
# This is the year where hope fails you -- Slipknot: Pulse of the maggots
#
##############
Exploit-DB
Cacti Superlinks Plugin 1.4-2 - SQL Injection
exploitdb·2014-06-18
---
# Exploit Title: Cacti - Superlinks Plugin SQL Injection
# Google Dork: inurl:"/cacti/plugins/superlinks/"
# Date: 18/06/2014
# Exploit Author: Napsterakos
# Software Link: http://docs.cacti.net/plugin:superlinks
Link: http://localhost/cacti/plugins/superlinks/
Exploit: http://localhost/cacti/plugins/superlinks/superlinks.php?id=[SQLi]
Credits to: Greek Hacking Scene
No writeups or analysis indexed.