Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bzm7-peh5-nqba
SummaryCacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.
Aliases
0
alias CVE-2024-29895
Fixed_packages
0
url pkg:deb/debian/cacti@0?distro=trixie
purl pkg:deb/debian/cacti@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie
1
url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-cqr3-wwhj-tyck
2
vulnerability VCID-pxqa-nkv3-jqfs
3
vulnerability VCID-xkkm-ss3p-1udc
4
vulnerability VCID-zxu5-equ9-1kam
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie
purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4e5y-1s19-r7g7
1
vulnerability VCID-pxqa-nkv3-jqfs
2
vulnerability VCID-xkkm-ss3p-1udc
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie
3
url pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie
4
url pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29895
reference_id
reference_type
scores
0
value 0.93223
scoring_system epss
scoring_elements 0.99799
published_at 2026-04-02T12:55:00Z
1
value 0.93223
scoring_system epss
scoring_elements 0.99803
published_at 2026-04-16T12:55:00Z
2
value 0.93223
scoring_system epss
scoring_elements 0.99802
published_at 2026-04-13T12:55:00Z
3
value 0.93223
scoring_system epss
scoring_elements 0.99801
published_at 2026-04-12T12:55:00Z
4
value 0.93223
scoring_system epss
scoring_elements 0.998
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29895
1
reference_url https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d
reference_id 53e8014d1f082034e0646edc6286cde3800c683d
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/
url https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d
2
reference_url https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc
reference_id 99633903cad0de5ace636249de16f77e57a3c8fc
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/
url https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc
3
reference_url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119
reference_id cmd_realtime.php#L119
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/
url https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119
4
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m
reference_id GHSA-cr28-x256-xf5m
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m
Weaknesses
0
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Exploits
Severity_range_score10.0 - 10.0
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bzm7-peh5-nqba