CVE-2019-20050

Pandora FMS = 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.

Published: Jan 30, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-20050
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:H/Au:S/C:C/I:C/A:C

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
artica / pandora_fms	7.42	7.42.x

https://k4m1ll0.com/cve-2019-20050.html

Vulnerability Database

289,871

CVE-2019-20050