This Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability in th e Events feature of Pandora FMS. This flaw allows users to execute arbitrary commands via the target parameter in HTTP POST requests to the Events function. After authenticating to the target, the module attempts to exploit this flaw by issuing such an HTTP POST request, with the target parameter set to contain the payload. If a shell is obtained, the module will try to obtain the local MySQL database password via a simple grep command on the plaintext /var/www/html/pandora_console/include/config.php file. Valid credentials for a Pandora FMS account are required. The account does not need to have admin privileges. This module has been successfully tested on Pandora 7.0 NG 744 running on CentOS 7 (the official virtual appliance ISO for this version).
8c2e13e57553407ba5b46b1cb763ce1bf256fd53ba20f8b4cb5a87d5d92785b0
Pandora FMS 7.0 NG versions 746 and below remote code execution exploit that leverages cross site scripting. Requires administrator to perform an snmp scan with a cross site scripting payload.
64e36d03c3089797faac90e20543e9c26c28b2c3f60a28025478ea83f9b2f677
Impress CMS version 1.4.0 suffers from a cross site scripting vulnerability.
d10c089c482e9a376b11b78b769234c7086f5f071f9528b04cef9c32ebcc2666
Webtareas versions 2.1 and 2.1p suffer from multiple cross site scripting vulnerabilities.
de709b9e636a45bf06e8b4e80254324fea43fed9981b29bd397fa39ab3075c9f