Vulnerability CVE-2018-11222


Published: 2018-06-15   Modified: 2018-06-16

Description:
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.

Type:

CWE-20

(Improper Input Validation)

Vendor: Artica
Product: Pandora fms 
Version: 7.23;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://blog.hackercat.ninja/post/pandoras_box/
https://pandorafms.com/wp-content/uploads/2018/06/whats-new-723-EN.pdf

Related CVE
CVE-2018-1000812
Ártica Soluciones Tecnológicas Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/pass...
CVE-2018-19829
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-19828
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
CVE-2018-11221
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
CVE-2017-15937
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).
CVE-2017-15936
In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed.
CVE-2017-15934
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.
CVE-2017-15935
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

Copyright 2019, cxsecurity.com

 

Back to Top