CVE Vulnerability

CVE-2020-7935

Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.

6.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://k4m1ll0.com/cve-2020-7935.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
Information

Published : 2020-03-23 04:15

Updated : 2020-03-25 04:55

NVD link : CVE-2020-7935

Mitre link : CVE-2020-7935

Products Affected
No products.
CWE
CWE-434