CVE-2019-20050

2020-01-30T16:15:00
ID CVE-2019-20050
Type cve
Reporter cve@mitre.org
Modified 2020-02-10T21:52:00

Description

Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.