CVE-2020-7935
Last modified
CVE-2020-7935 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. EPSS estimates a 3.08% chance of exploitation in the next 30 days.
Description
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Artica | Pandora Fms | <= 7.42 |
References
- https://k4m1ll0.com/cve-2020-7935.htmlExploit, Third Party Advisory
- https://k4m1ll0.com/cve-2020-7935.htmlExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-7935?
How severe is CVE-2020-7935?
How do I fix CVE-2020-7935?
Are you affected by CVE-2020-7935?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST