PT-2020-18753 · Artica · Pandora Fms
Thecybergeek · Published 2020-03-16 · Updated 2022-11-29 · CVE-2020-5844
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pandora FMS version 7.0NG.742 FIX PERL2020
Description
The issue allows authenticated administrators to upload malicious PHP scripts and execute them via base64 decoding of the file location. This is achieved through the index.php?sec=godmode/extensions&sec2=extensions/files repo endpoint.
Recommendations
For version 7.0NG.742 FIX PERL2020, consider restricting access to the index.php?sec=godmode/extensions&sec2=extensions/files repo endpoint to prevent malicious script uploads until a patch is available. As a temporary workaround, disabling the ability to upload files via this endpoint can minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Pandora Fms