CVE-2021-36697

EUVD-2021-23292
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
articapandora_fms
𝑥
≤ 755
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://artica.com
http://pandora.com
https://k4m1ll0.com/chained_exploit_htaccess.html
http://artica.com
http://pandora.com
https://k4m1ll0.com/chained_exploit_htaccess.html