CVE-2010-4282

2010-12-0217:00:00

mitre

www.cve.org

AI Score

7.2

Confidence

Low

EPSS

0.008

Percentile

82.2%

JSON

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.

References

osvdb.org/69543

osvdb.org/69544

osvdb.org/69545

seclists.org/fulldisclosure/2010/Nov/326

secunia.com/advisories/42347

sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

www.exploit-db.com/exploits/15643

www.securityfocus.com/archive/1/514939/100/0/threaded

www.securityfocus.com/bid/45112