CVE-2019-20050
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.
SSVC
- Decision: -
Timeline
- 2019-12-27 CVE Reserved
- 2020-01-30 CVE Published
- 2024-03-10 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
References (1)
URL | Date | SRC |
---|---|---|
https://k4m1ll0.com/cve-2019-20050.html | 2024-08-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Artica | Pandora Fms | 7.42 | - | Affected |