This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).
8c2e13e57553407ba5b46b1cb763ce1bf256fd53ba20f8b4cb5a87d5d92785b0
CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.
8f19790f62e3ddd9f325c2b8bdab7552d76c9c096306b5c140c6286c884f3672
Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.
953c9d49a6ad47c20e9a9acc6d55ebbeea2a239ede57f492f4be332d89519ed1
SoftNAS Cloud versions prior to 4.0.3 suffers from an OS command injection vulnerability.
b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26