Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-29895Command Injection in Cacti

CWE-77Command Injection5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
93.2%
top 0.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
CactiDebian Cacti
Timeline
PublishedMay 14

Description

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

CVEListV5cacti/cacti= 1.3.x DEV
debiandebian/cacti

🔴Vulnerability Details

2
OSV
CVE-2024-29895: Cacti provides an operational monitoring and fault management framework2024-05-14
VulnCheck
Cacti cmd_realtime.php Command Injection Vulnerability2024

💥Exploits & PoCs

1
Nuclei
Cacti cmd_realtime.php - Command Injection

📋Vendor Advisories

1
Debian
CVE-2024-29895: cacti - Cacti provides an operational monitoring and fault management framework. A comma...2024