exploitDog

CVE-2021-34074

Опубликовано: 25 июн. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.

Ссылки

https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html
Exploit
Third Party Advisory
https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

Версия до 754 (включая)

EPSS

Процентиль: 90%

0.05049

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-7v73-wqmq-pqv5

github

больше 3 лет назад

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.

EPSS

Процентиль: 90%

0.05049

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434