Описание
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:artica:pandora_fms:7.0_ng:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.93568
Критический
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request.
EPSS
Процентиль: 100%
0.93568
Критический
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78