CVE-2017-15937

Name of the Vulnerable Software and Affected Versions Artica Pandora FMS version 7.0

Description The issue allows the leakage of a full installation pathname through GET data when the main page's graph requisition is intercepted. This also results in the disclosure of general OS information, as certain pathnames can indicate the operating system being used, such as a /var/www pathname suggesting Linux or UNIX.

Recommendations For Artica Pandora FMS version 7.0, consider restricting access to the graph requisition on the main page to minimize the risk of pathname and OS information leakage until a fix is available.