PT-2020-10329 · Artica · Pandora Fms

Published 2020-01-30 · Updated 2020-08-24 · CVE-2019-20050

CVSS v2.0: 7.1 High

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions ≤ 7.42

Description: The issue allows remote code execution. To exploit it, an authenticated user must create a new folder with a specially crafted name in the filemanager. Exploitation succeeds only when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.

Recommendations: For Pandora FMS versions ≤ 7.42, consider disabling the filemanager feature until a patch is available, and ensure the php-fileinfo extension is enabled on the host system to minimize the risk of exploitation.

Exploit · Fix · RCE · OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2019-20050

Affected Products: Pandora Fms