Vulnerability Details CVE-2019-20050
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user should create a new folder with a "tricky" name in the filemanager. The exploit works when the php-fileinfo extension is disabled on the host system. The attacker must include shell metacharacters in the content type.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.048
EPSS Ranking 89.1%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.1
Products affected by CVE-2019-20050
-
cpe:2.3:a:artica:pandora_fms:7.42