Published: 16/03/2020 Updated: 29/11/2022

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artica pandora fms 7.0_ng

Pandora FMS version 70NG742 suffers from an authenticated remote code execution vulnerability ...

Exploit for CVE-2020-5844 (Pandora FMS v7.0NG.742) - Remote Code Execution

Exploit for CVE-2020-5844 (Pandora FMS v70NG742) - Remote Code Execution Like this repo? Give us a ⭐! For educational and authorized security research purposes only Exploit Author @UNICORDev by (@NicPWNs and @Dev-Yeoj) Vulnerability Description indexphp?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v70 NG allows authenticated administrators to

CVE-2020-5844 Authenticated RCE in PandoraFMS 70-NG 742 Admin privileged attackers can upload malicious PHP documents By decoding the base64 file location users can gain a shell as apache user Discovered by TheCyberGeek PoC python script Usage: python3 CVE-2020-5844py URL USER PASS PHP_REVERSE_SHELL Ex: python3 CVE-2020-5844py 10002/pandora_console admin pandora

CVE-2020-5844-exploit Work in progress Author: @1Exovant Usage Usage: python3 CVE-2020-5844py -t <target-IP>:<target-port> --check python3 CVE-2020-5844py -t <target-IP>:<target-port> -u <username> -p <password> python3 CVE-2020-5844py -t <target-IP>:<target-port&

CWE-434 https://pandorafms.com https://github.com/TheCyberGeek/CVE-2020-5844 http://packetstormsecurity.com/files/167503/Pandora-FMS-7.0NG.742-Remote-Code-Execution.html https://nvd.nist.gov https://packetstormsecurity.com/files/167503/Pandora-FMS-7.0NG.742-Remote-Code-Execution.html https://github.com/UNICORDev/exploit-CVE-2020-5844

CVE-2020-5844

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect