CVE-2010-4282

Name of the Vulnerable Software and Affected Versions Pandora FMS versions prior to 3.1.1

Description The issue allows remote attackers to include and execute arbitrary local files via specific parameters in various PHP files. This can be achieved through the "page" parameter to "ajax.php", the "id" parameter to "general/pandora help.php", or the "layout" parameter to "operation/agentes/networkmap.php". This could potentially allow attackers to create, modify, or delete arbitrary local files.

Recommendations For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected PHP files, specifically "ajax.php", "general/pandora help.php", and "operation/agentes/networkmap.php", until the update can be applied.