漏洞描述
Cacti是一套基于PHP、MySQL、SNMP及RRDTool开发的网络流量监测图形分析工具。Cacti存在命令注入漏洞,此漏洞是由于cmd_realtime.php接口对用户的请求验证不当导致的。
Cacti cmd_realtime CVE-2024-29895 命令注入漏洞
PoC代码
暂无相关漏洞推荐
- POCCVE-2022-46169: Cacti remote_agent.php 远程命令执行漏洞
- POCCVE-2020-8813: Cacti v1.2.8 - Remote Code Execution
- POCCVE-2021-26247: Cacti - Cross-Site Scripting
- POCCVE-2022-46169: Cacti <=1.2.22 - Remote Command Injection
- POCCVE-2023-30534: Cacti < 1.2.25 Insecure Deserialization
- POCCVE-2023-39361: Cacti 1.2.24 - SQL Injection
- POCCVE-2024-29895: Cacti cmd_realtime.php - Command Injection
- POCCVE-2020-8813: Cacti v1.2.8 - Remote Code Execution
- POCCVE-2021-26247: Cacti - Cross-Site Scripting
- POCCVE-2022-46169: Cacti <=1.2.22 - Remote Command Injection
- POCCVE-2023-30534: Cacti < 1.2.25 Insecure Deserialization
- POCCVE-2023-39361: Cacti 1.2.24 - SQL Injection
- POCCVE-2024-29895: Cacti cmd_realtime.php - Command Injection