Artica · Pandora FMS · CVE-2020-5844
**Name of the Vulnerable Software and Affected Versions**
Pandora FMS version 7.0NG.742 FIX PERL2020
**Description**
The issue allows authenticated administrators to upload malicious PHP scripts and execute them via base64 decoding of the file location. The affected endpoint is `index.php?sec=godmode/extensions&sec2=extensions/files_repo`.
**Recommendations**
For version 7.0NG.742 FIX PERL2020, consider restricting access to the `index.php?sec=godmode/extensions&sec2=extensions/files_repo` endpoint to prevent malicious script uploads until a patch is available. As a temporary workaround, disabling the ability to upload files via this endpoint can minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
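
While access to the endpoint is being restricted, the web server's access log can be checked for requests that reached it. The script below is an added example, not part of the advisory or of Pandora FMS; it assumes the Apache/nginx "combined" log format, and the `/pandora_console/` path, addresses and log lines in it are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format (assumed; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

TARGET_SEC2 = "extensions/files_repo"  # endpoint named in the advisory


def files_repo_hits(lines):
    """Return the requests that addressed the files_repo extension endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        url = urlsplit(m["target"])
        if not url.path.endswith("index.php"):
            continue
        # parse_qs percent-decodes, so sec2=extensions%2Ffiles_repo also matches,
        # and parameter order in the query string does not matter.
        params = parse_qs(url.query)
        sec2 = [v.strip().lower() for v in params.get("sec2", [])]
        if TARGET_SEC2 not in sec2:
            continue
        hits.append({
            "ip": m["ip"], "time": m["ts"], "method": m["method"],
            "status": int(m["status"]),
            # HTML form uploads are sent as POST; a GET is only a page view.
            "possible_upload": m["method"] == "POST",
        })
    return hits


# Constructed sample lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2020:10:01:22 +0000] "GET /pandora_console/index.php?sec=godmode/extensions&sec2=extensions/files_repo HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2020:10:01:40 +0000] "POST /pandora_console/index.php?sec2=extensions%2Ffiles_repo&sec=godmode/extensions HTTP/1.1" 200 5300 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2020:10:02:05 +0000] "GET /pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in files_repo_hits(SAMPLE):
        print(hit)
```

After the endpoint has been restricted, any remaining hit with a 200 status indicates the restriction is not taking effect for that client.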