Name of the Vulnerable Software and Affected Versions:

Artica Pandora FMS version 7.42

Description:

The issue allows Web Admin users to execute arbitrary code by uploading a .php file via the Updater or Extension component. However, the vendor reports that this functionality is intended.

Recommendations:

For Artica Pandora FMS version 7.42, consider restricting access to the Updater or Extension component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.