SERVER-WEBAPP -- Snort has detected traffic exploiting vulnerabilities in web based applications on servers.
SERVER-WEBAPP Cacti cmd_realtime.php command injection attempt
This rule looks for injection metacharacters included in requests to Cacti's "cmd_realtime.php" endpoint that are intended to exploit a command injection vulnerability.
This rule fires on attempts to exploit a command injection vulnerability in the Cacti web application.
Public information/Proof of Concept available
No known false positives
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Command Injection
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.
CVE-2024-29895 |
Loading description
|