In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality
References
Link | Resource |
---|---|
https://k4m1ll0.com/cve-2020-8500.html | Exploit Third Party Advisory |
https://pandorafms.com/downloads/extension-uploader-feature-explained.mp4 |
Configurations
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
Summary | In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality |
Information
Published : 2020-03-02 16:15
Updated : 2024-05-14 07:44
NVD link : CVE-2020-8500
Mitre link : CVE-2020-8500
CVE.ORG link : CVE-2020-8500
JSON object : View
Products Affected
artica
- pandora_fms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type