From 1f20bbb640aa47342935e11cb3f9d456350d73cd Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Fri, 17 May 2024 14:24:28 +0530 Subject: [PATCH] trailspace fix --- http/cves/2024/CVE-2024-29895.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2024/CVE-2024-29895.yaml b/http/cves/2024/CVE-2024-29895.yaml index 2497c33b26..d822ac3f4b 100644 --- a/http/cves/2024/CVE-2024-29895.yaml +++ b/http/cves/2024/CVE-2024-29895.yaml @@ -5,7 +5,7 @@ info: author: pussycat0x severity: critical description: | - Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. + Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. reference: - https://github.com/Stuub/CVE-2024-29895-CactiRCE-PoC - https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119
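Review bot: The `-` and `+` description lines in the `@@ -5,7 +5,7 @@ info:` hunk are visibly identical, so a reviewer cannot confirm from the rendered diff that the only change is the trailing space the subject line ("trailspace fix") describes; whitespace-only hunks like this are best checked with `git diff --check` or `git diff --ws-error-highlight=all` before merging, and the commit message could state explicitly that no character other than trailing whitespace changed. Worth noting why the fix is not purely cosmetic: the `description:` value is a YAML literal block scalar (`|`), which preserves trailing spaces in the string, so the stray space was part of the template's description text until this change. The remaining lines of the hunk (the `reference:` list with the PoC and the `cmd_realtime.php#L119` source link) are unchanged context and need no further action.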