PT-2020-19857 · Artica · Artica Pandora Fms

Published: 2020-03-23 · Updated: 2020-03-25 · CVE-2020-7935

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Artica Pandora FMS versions through 7.42

Description

The issue allows remote PHP code execution through an Unrestricted Upload of a File with a Dangerous Type in the File Manager. An attacker with Administrator access can create, or use an existing, externally accessible directory to store PHP files. Knowing the filename and exact path, the attacker can then have the PHP code executed in the context of the application.

Recommendations

For versions through 7.42, as a temporary workaround, consider restricting access to the File Manager to minimize the risk of exploitation. Avoid using the File Manager to upload files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2020-7935

Affected Products

Artica Pandora Fms