Description

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.

INFO

Published Date :

2024-05-13T14:33:27.594Z

Last Modified :

2024-08-02T01:17:58.192Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-29895 vulnerability.

Vendors Products
Cacti
  • Cacti
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-29895.

URL Resource
https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119 cve-icon cve-icon cve-icon
https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d cve-icon cve-icon cve-icon
https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc cve-icon cve-icon cve-icon
https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact