CVE-2021-36697
First published: Wed Nov 03 2021(Updated: )
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | <=755 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID of this security issue is CVE-2021-36697.
What is the title of this vulnerability?
The title of this vulnerability is 'With an admin account the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component'.
What is the severity level of CVE-2021-36697?
The severity level of CVE-2021-36697 is medium.
How can an attacker exploit this vulnerability?
With an admin account, an attacker can overwrite the .htaccess file in Artica Pandora FMS <=755 using the File Manager component, allowing them to upload a PHP file and execute malicious code.
Is there a fix available for this vulnerability?
At the moment, there is no information available about a fix for this vulnerability. It is recommended to follow the vendor's website for any updates or patches.
- collector/nvd-index
- vendor/artica
- canonical/artica pandora fms
- version/artica pandora fms/755