CVE-2024-29895

EPSS 93.22%
Veröffentlicht 14.05.2024 15:17:15
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Cacti command injection in cmd_realtime.php

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellercacti

≫

Produkt cacti

Default Statusunknown

Version 1.3.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.22%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119

https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d

https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc

https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m

https://nvd.nist.gov/vuln/detail/CVE-2024-29895

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-29895

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-29895

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-29895