Pandora FMS = 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a βtrickyβ name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.
CPE | Name | Operator | Version |
---|---|---|---|
pandora_fms | eq | 7.42 |