## https://sploitus.com/exploit?id=47963504-5AEB-5F05-B456-534D5997F3AE
# CVE-2024-29895 - RCE ON CACTI

> [!WARNING]  
> This is an educational project; I am not responsible for any use.

## Usage:

`python3 poc.py -c whoami [-u https://localhost] [-f urls.txt]`

## CVE-2024-29895
CVE-2024-29895 is a command injection vulnerability on the 1.3.x DEV branch that allows any unauthenticated user to execute arbitrary commands on the server.

## How does it work?
On Cacti versions `1.3.X dev` where `cmd_realtime.php` is present and the `register_argc_argv` option is `ON`, command injection is possible through manipulation of the `poller_id` parameter in a `GET` request.
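
A defensive check built on the conditions above, as an added example that is not part of the original PoC: it scans web access logs for requests to `cmd_realtime.php` and raises the severity when the decoded query string carries shell metacharacters. The common/combined log format, the sample lines and the two severity labels are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request portion of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Characters that let a value break out of a shell command argument.
# A single "&" is left out because it separates ordinary query parameters.
SHELL_META = re.compile(r"[;|`$<>(){}\\\n\r]|&&")


def classify(line):
    """Return None for unrelated lines, else a finding for a cmd_realtime.php request."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/cmd_realtime.php"):
        return None
    # Decode twice so double-encoded metacharacters are still visible.
    query = unquote_plus(unquote_plus(url.query))
    severity = "high" if SHELL_META.search(query) else "review"
    return {"ip": m.group("ip"), "status": int(m.group("status")),
            "severity": severity, "query": query}


def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/May/2024:10:01:02 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/May/2024:10:03:44 +0000] "GET /cacti/cmd_realtime.php?poller_id=1 HTTP/1.1" 200 12',
    '203.0.113.9 - - [14/May/2024:10:03:51 +0000] "GET /cacti/cmd_realtime.php?poller_id=1%3Bwhoami HTTP/1.1" 200 31',
    '203.0.113.9 - - [14/May/2024:10:03:58 +0000] "GET /cacti/cmd_realtime.php?poller_id=1%257Cid HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A `high` finding with a 200 status is the case to escalate first; `review` findings still show that the script is reachable from the web.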

## Dork:
Google: `inurl:cmd_realtime.php`

Shodan: `Cacti`