Warning
This is an educational project; I am not responsible for any use.
python3 poc.py -c whoami [-u https://localhost] [-f urls.txt]
CVE-2024-29895 is a command injection vulnerability on the Cacti 1.3.x DEV branch that allows any unauthenticated user to execute arbitrary commands on the server.
It affects Cacti 1.3.x dev versions where cmd_realtime.php is present and the register_argc_argv option is On.
The command injection is possible through manipulation of the poller_id parameter in a GET request.
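One way to look for this in web server access logs (an added example, not part of this PoC or of Cacti): flag every web request for cmd_realtime.php and raise the verdict when the decoded query string carries shell metacharacters. The combined log format, the verdict names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request portion of a common/combined-format access log line (assumed format).
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Shell metacharacters. A lone '&' is excluded: it is the ordinary query separator.
META = re.compile(r'[;|`$()<>\r\n]|&&')

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '198.51.100.4 - - [12/May/2024:10:00:01 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 9120',
    '203.0.113.7 - - [12/May/2024:10:01:02 +0000] "GET /cacti/cmd_realtime.php HTTP/1.1" 404 153',
    '203.0.113.7 - - [12/May/2024:10:01:09 +0000] "GET /cacti/cmd_realtime.php?poller_id=1%3Becho%20CONSTRUCTED HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/May/2024:10:02:30 +0000] "GET /cmd_realtime.php?poller_id=1%253Becho HTTP/1.1" 200 512',
    '198.51.100.4 - - [12/May/2024:10:03:00 +0000] "GET /cacti/cmd_realtime.php?poller_id=1 HTTP/1.1" 200 40',
]

def classify(line):
    """Return (ip, verdict, served) for a web hit on cmd_realtime.php, else None."""
    m = REQ.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if unquote_plus(path).lower().rsplit("/", 1)[-1] != "cmd_realtime.php":
        return None
    decoded = unquote_plus(unquote_plus(query))  # second pass catches double encoding
    if META.search(decoded):
        verdict = "injection-attempt"
    elif query:
        verdict = "arguments-passed"
    else:
        verdict = "probe"
    # served is True when the web server answered with a 2xx status
    return m.group("ip"), verdict, m.group("status").startswith("2")

def scan(lines):
    """Classify every line and keep only the hits on cmd_realtime.php."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, verdict, served in scan(SAMPLE_LOG):
        print(f"{ip:15} {verdict:18} served={served}")
```

A hit with served=True means the script is reachable over HTTP, which is one of the two conditions listed above; the other is the register_argc_argv setting.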
Google: inurl:cmd_realtime.php
Shodan: Cacti