PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-25T15:04:55
Updated: 2024-08-04T00:05:52.239Z
Reserved: 2021-06-07T00:00:00
Link: CVE-2021-34074
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-25T16:15:17.120
Modified: 2024-11-21T06:09:52.680
Link: CVE-2021-34074
Redhat
No data.