{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/224812?format=json","vulnerability_id":"VCID-bzm7-peh5-nqba","summary":"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.","aliases":[{"alias":"CVE-2024-29895"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582137?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582138?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-cqr3-wwhj-tyck"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"},{"vulnerability":"VCID-zxu5-equ9-1kam"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582140?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e5y-1s19-r7g7"},{"vulnerability":"VCID-pxqa-nkv3-jqfs"},{"vulnerability":"VCID-xkkm-ss3p-1udc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582142?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582143?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1077411?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29895","reference_id":"","reference_type":"","scores":[{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99807","published_at":"2026-05-14T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99799","published_at":"2026-04-02T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.998","published_at":"2026-04-04T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99801","published_at":"2026-04-12T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99802","published_at":"2026-04-13T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99803","published_at":"2026-04-18T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99804","published_at":"2026-04-26T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99806","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29895"},{"reference_url":"https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d","reference_id":"53e8014d1f082034e0646edc6286cde3800c683d","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d"},{"reference_url":"https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc","reference_id":"99633903cad0de5ace636249de16f77e57a3c8fc","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc"},{"reference_url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119","reference_id":"cmd_realtime.php#L119","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m","reference_id":"GHSA-cr28-x256-xf5m","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m"}],"weaknesses":[{"cwe_id":77,"name":"Improper Neutralization of Special Elements used in a Command ('Command Injection')","description":"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component."}],"exploits":[],"severity_range_score":"10.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzm7-peh5-nqba"}