CVE-2024-29895 PoC — Cacti Security Vulnerability

Source
Associated Vulnerability
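Title: Cacti Security Vulnerability (CVE-2024-29895)
Description: Cacti is an open-source network traffic monitoring and analysis tool developed by the Cacti team. It collects data via snmpget, draws graphs with RRDtool for analysis, and provides data and user management features. Cacti contains a security vulnerability that stems from a command injection flaw, which allows any unauthenticated user to execute arbitrary commands on the server.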
Description
Cacti CVE-2024-29895 POC
Readme
# CVE-2024-29895
Cacti CVE-2024-29895 POC
A command injection vulnerability allows any unauthenticated user to execute arbitrary commands on the server when PHP's register_argc_argv option is On.

https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m

Usage: app -m http://site.com/ -c whoami

Or: app -w url_list.txt -c whoami

Or: app -r 192.168.1.0/24 -c whoami
File Snapshot

[4.0K] /data/pocs/17ba1a8e254f4dd9f66b85bc6911cd1a4b39e2bf
├── [ 160] Cargo.toml
├── [ 382] README.md
└── [4.0K] src
    └── [5.7K] main.rs

1 directory, 3 files