PT-2019-15906 · Artica · Pandora Fms

K4M1Ll0 +1 · Published 2019-12-26 · Updated 2024-08-05 · CVE-2019-19681

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Pandora FMS versions 7.x

Description

The issue allows remote code execution by an authenticated user who has the ability to modify the alert system, potentially enabling the execution of commands as root or Administrator. The product vendor disputes the existence of this issue as described, citing the requirement of admin rights to create alert commands and the capability of the extended ACL system to restrict access to specific configuration sections.

Recommendations

For Pandora FMS versions 7.x, ensure that admin rights are strictly controlled and consider using the extended ACL system to disable access to sensitive sections of the configuration, such as defining new alert commands, to minimize potential risks.

Exploit · Fix · RCE · Incorrect Authorization

Weakness Enumeration

Related Identifiers: CVE-2019-19681

Affected Products: Pandora Fms