## https://sploitus.com/exploit?id=70711AEB-1B46-5871-9BA4-3E83F7D1156B
## Cacti RCE - CVE-2024-29895

## Usage:
`python3 cve-2024-29895.py -u https://target.com/ -c id`
Affecting Cacti versions 1.3.X on DEV builds where `cmd_realtime.php` is present and `POLLER_ID` is enabled.
Command Injection is possible via this endpoint, by requesting via GET with payload as HTML Query Parameters
## Dork:
Google: `inurl:cmd_realtime.php`
Shodan: `Cacti`
Hunter.how: `/product.name="Cacti"`
FOFA: `app="Cacti-Monitoring"`
## Version Checking

## Disclaimer
Please exercise caution when using this PoC. It has been strictly developed to serve as a tool automate the validation of the vulnerability.
Any misuse caused is at your own responsibility.