functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/156326/Pandora-FMS-7.0-Authenticated-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://engindemirbilek.github.io/pandorafms-rce | Exploit Third Party Advisory |
https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/pandorafms-rce.html | Exploit |
Configurations
History
No history.
Information
Published : 2020-02-12 18:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-8947
Mitre link : CVE-2020-8947
CVE.ORG link : CVE-2020-8947
JSON object : View
Products Affected
artica
- pandora_fms
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')