python3 cve-2024-29895.py -u https://target.com/ -c id
Affecting Cacti versions 1.3.X on DEV builds where cmd_realtime.php
is present and POLLER_ID
is enabled.
Command Injection is possible via this endpoint, by requesting via GET with payload as HTML Query Parameters
Google: inurl:cmd_realtime.php
Shodan: Cacti
Hunter.how: /product.name="Cacti"
FOFA: app="Cacti-Monitoring"
Please exercise caution when using this PoC. It has been strictly developed to serve as a tool automate the validation of the vulnerability. Any misuse caused is at your own responsibility.