CVE-2019-20224 PoC — Artica Pandora FMS 操作系统命令注入漏洞

Source

https://github.com/mhaskar/CVE-2019-20224

Associated Vulnerability

Title:Artica Pandora FMS 操作系统命令注入漏洞 (CVE-2019-20224)
Description:Artica Pandora FMS是西班牙Artica公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Artica Pandora FMS 7.0NG版本中的functions_netflow.php文件的‘netflow_get_stats’函数存在安全漏洞。攻击者可借助‘ip_src’参数中的shell元字符利用该漏洞执行任意的操作系统命令。

Description

The offical exploit for Pandora v7.0NG Post-auth Remote Code Execution CVE-2019-20224

Readme

# CVE-2019-20224
The offical exploit for Pandora v7.0NG Post-auth Remote Code Execution CVE-2019-20224

File Snapshot


 [4.0K]  /data/pocs/123b5077a6ff048981d058afd80ba2dde3771727
├── [1.6K]  pandora-postauth-rce.py
└── [ 103]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!