CVE-2020-7935: Malicious File Upload
First published: Mon Mar 23 2020(Updated: )
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | <=7.42 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-7935?
CVE-2020-7935 is a vulnerability in Artica Pandora FMS through version 7.42 that allows for remote PHP code execution.
How severe is CVE-2020-7935?
CVE-2020-7935 has a severity score of 7.2, indicating a high severity.
What is the affected software for CVE-2020-7935?
The affected software is Artica Pandora FMS, version 7.42.
What is the issue with the File Manager in Artica Pandora FMS?
The issue with the File Manager in Artica Pandora FMS allows for unrestricted upload of a file with a dangerous type, leading to potential remote PHP code execution.
How can an attacker exploit CVE-2020-7935?
An attacker can exploit CVE-2020-7935 by creating or using an existing externally accessible directory to store PHP files and execute remote code.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/artica
- canonical/artica pandora fms
- version/artica pandora fms/7.42