{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62094?format=json","vulnerability_id":"VCID-djhs-8g9z-3bct","summary":"Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.","aliases":[{"alias":"CVE-2024-29895"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89662?format=json","purl":"pkg:deb/debian/cacti@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89638?format=json","purl":"pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3upu-n6rg-jucm"},{"vulnerability":"VCID-5h87-xv7n-z7hk"},{"vulnerability":"VCID-gnr2-jzjp-6bfs"},{"vulnerability":"VCID-tv4b-jnha-yucw"},{"vulnerability":"VCID-ww9n-y9w8-33dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89636?format=json","purl":"pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gnr2-jzjp-6bfs"},{"vulnerability":"VCID-tv4b-jnha-yucw"},{"vulnerability":"VCID-ww9n-y9w8-33dp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89640?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89639?format=json","purl":"pkg:deb/debian/cacti@1.2.30%2Bds1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-3%3Fdistro=trixie"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29895","reference_id":"","reference_type":"","scores":[{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.9981","published_at":"2026-06-09T12:55:00Z"},{"value":"0.93223","scoring_system":"epss","scoring_elements":"0.99809","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29895"},{"reference_url":"https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d","reference_id":"53e8014d1f082034e0646edc6286cde3800c683d","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d"},{"reference_url":"https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc","reference_id":"99633903cad0de5ace636249de16f77e57a3c8fc","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc"},{"reference_url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119","reference_id":"cmd_realtime.php#L119","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m","reference_id":"GHSA-cr28-x256-xf5m","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-13T17:31:11Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m"}],"weaknesses":[{"cwe_id":77,"name":"Improper Neutralization of Special Elements used in a Command ('Command Injection')","description":"The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component."}],"exploits":[],"severity_range_score":"10.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djhs-8g9z-3bct"}