PT-2018-10405 · Artica · Artica Pandora Fms

Published: 2018-06-15 · Updated: 2018-08-14 · CVE-2018-11221

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Artica Pandora FMS versions prior to 7.23

Description

The issue allows an attacker to perform an unauthenticated untrusted file upload. This is achieved through the update system, specifically via the "include/ajax/update_manager.ajax" API endpoint. An attacker can upload an arbitrary plugin, potentially leading to further exploitation.

Recommendations

For versions prior to 7.23, update to version 7.23 or later to resolve the issue. As a temporary workaround, consider restricting access to the "include/ajax/update_manager.ajax" API endpoint to minimize the risk of exploitation.

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2018-11221

Affected Products

Artica Pandora Fms