CVE-2021-34074

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
pandorafmspandora_fms
𝑥
≤ 754
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html
https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html