Vulnerability Details CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.058
EPSS Ranking 90.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2018-11222
-
cpe:2.3:a:artica:pandora_fms:1.2
-
cpe:2.3:a:artica:pandora_fms:1.3
-
cpe:2.3:a:artica:pandora_fms:1.4
-
cpe:2.3:a:artica:pandora_fms:2.0
-
cpe:2.3:a:artica:pandora_fms:2.1
-
cpe:2.3:a:artica:pandora_fms:3.0
-
cpe:2.3:a:artica:pandora_fms:3.1
-
cpe:2.3:a:artica:pandora_fms:3.2
-
cpe:2.3:a:artica:pandora_fms:4.0
-
cpe:2.3:a:artica:pandora_fms:5.0
-
cpe:2.3:a:artica:pandora_fms:5.1
-
cpe:2.3:a:artica:pandora_fms:6.0
-
cpe:2.3:a:artica:pandora_fms:7.0
-
cpe:2.3:a:artica:pandora_fms:7.0_ng