Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.
References
Link | Resource |
---|---|
https://k4m1ll0.com/cve-2020-7935.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-23T15:08:25
Updated: 2020-03-24T13:18:58
Reserved: 2020-01-23T00:00:00
Link: CVE-2020-7935
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-23T16:15:17.737
Modified: 2020-03-25T16:55:28.867
Link: CVE-2020-7935
JSON object: View
Redhat Information
No data.
CWE