This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).
8c2e13e57553407ba5b46b1cb763ce1bf256fd53ba20f8b4cb5a87d5d92785b0CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.
8f19790f62e3ddd9f325c2b8bdab7552d76c9c096306b5c140c6286c884f3672Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.
953c9d49a6ad47c20e9a9acc6d55ebbeea2a239ede57f492f4be332d89519ed1SoftNAS Cloud versions prior to 4.0.3 suffers from an OS command injection vulnerability.
b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed