Cacti RCE – CVE-2024-29895 Exploit

By Prapattimynk (Python)

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary commands on the server when PHP's `register_argc_argv` option is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled through the URL when `register_argc_argv` is `On`. This option is `On` by default in many environments, such as the main PHP Docker image. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.

CVE-2024-29895 PoC – Exploiting remote command execution in Cacti servers using the 1.3.X DEV branch builds
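Because the vulnerable value reaches `cmd_realtime.php` through the URL, web-server access logs are a practical place to look for exposure. The following detection sketch is an added example, not part of the PoC or of Cacti; it assumes Apache/nginx "combined" log format, and the sample log lines, the `/cacti/` path prefix and the severity labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Apache/nginx "combined" format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SCRIPT = "cmd_realtime.php"


def find_cmd_realtime_requests(lines):
    """Return one finding per HTTP request whose path reaches cmd_realtime.php."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        parts = urlsplit(m["target"])
        # Decode percent-escapes and fold case so encoded spellings still match;
        # checking every segment also catches trailing PATH_INFO.
        segments = unquote(parts.path).lower().split("/")
        if SCRIPT not in segments:
            continue
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "status": int(m["status"]),
            # With register_argc_argv On, the query string is what ends up in
            # $_SERVER['argv'], so hits that carry one are ranked higher.
            "severity": "high" if parts.query else "medium",
        })
    return findings


# Constructed sample lines: documentation IP ranges, placeholder query value.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2024:10:01:02 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/May/2024:10:03:44 +0000] "GET /cacti/cmd_realtime.php?PLACEHOLDER HTTP/1.1" 200 0 "-" "curl/8.0"',
    '198.51.100.7 - - [14/May/2024:10:03:50 +0000] "GET /cacti/%63md_realtime.php HTTP/1.1" 200 0 "-" "curl/8.0"',
    '203.0.113.5 - - [14/May/2024:10:05:00 +0000] "GET /cacti/graph_realtime.php?cmd_realtime.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_cmd_realtime_requests(SAMPLE_LOG):
        print(finding)
```

Any hit is worth triage on a 1.3.x DEV install; pair it with a check of the effective `register_argc_argv` value for the web SAPI.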


