| ID |
CVE-2019-20050
|
| Sažetak |
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type. |
| Reference |
|
| CVSS |
| Base: | 7.1 |
| Impact: | 10.0 |
| Exploitability: | 3.9 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
HIGH |
SINGLE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| CVSS vektor |
AV:N/AC:H/Au:S/C:C/I:C/A:C |
| Zadnje važnije ažuriranje |
24-08-2020 - 17:37 |
| Objavljeno |
30-01-2020 - 16:15 |
