We've joined Protect AIJoin us over there for bounties up to $50,000+ for vulnerabilities in AI/ML repos

Relative Path Traversal to Remote Code Execution in pandorafms/pandorafms

Valid

Reported on

Feb 20th 2022

Description

Pandora FMS v7.0NG.759 allows relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to Remote Code Execution with running application privilege.

Proof of Concept

Affected version: Pandora FMS v7.0NG.759 - OUM 759 - MR 51
Affected component: Console
Affected endpoint:

POST http://$HOST/pandora_console/index.php?sec=gsetup&sec2=godmode/setup/file_manager

~

Request file passwd: X4v9W4qP87

Impact

This vulnerability is capable of executing OS Command with running application privilege.

We are processing your report and will contact the pandorafms team within 24 hours. 2 years ago
We have contacted a member of the pandorafms team and are waiting to hear back 2 years ago
We have sent a follow up to the pandorafms team. We will try again in 7 days. 2 years ago
pandorafms/pandorafms maintainer has invalidated this vulnerability 2 years ago

This feature is allowed to upload all type of files. There is a ACL system in Pandora FMS where you can limit the upload of these files.

The disclosure bounty has been dropped
The fix bounty has been dropped
Faisal Fs ⚔️
a year ago

Researcher

https://nvd.nist.gov/vuln/detail/CVE-2022-1648

Faisal Fs ⚔️
a year ago

Researcher

Pandora FMS Advisory:

image

to join this conversation