CVE-2020-7935

Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.
References
Link Resource
https://k4m1ll0.com/cve-2020-7935.html Exploit Third Party Advisory
https://k4m1ll0.com/cve-2020-7935.html Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:38

Type Values Removed Values Added
References () https://k4m1ll0.com/cve-2020-7935.html - Exploit, Third Party Advisory () https://k4m1ll0.com/cve-2020-7935.html - Exploit, Third Party Advisory

Information

Published : 2020-03-23 16:15

Updated : 2024-11-21 05:38


NVD link : CVE-2020-7935

Mitre link : CVE-2020-7935

CVE.ORG link : CVE-2020-7935


JSON object : View

Products Affected

artica

  • pandora_fms
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type