PT-2010-5396 · Artica · Pandora Fms

Jgaliana

Published

2010-12-02

Updated

2018-10-10

CVE-2010-4278

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Pandora FMS versions prior to 3.1.1

Description The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an "operation/agentes/networkmap" action to "index.php".

Recommendations For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "operation/agentes/networkmap.php" endpoint to minimize the risk of exploitation. Avoid using the layout parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2010-4278

Affected Products

Pandora Fms

PT-2010-5396 · Artica · Pandora Fms

CVE-2010-4278

Weakness Enumeration

Related Identifiers

Affected Products

References · 10