CVE-2010-4282 PoC — Artica Pandora FMS多个目录遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2010/CVE-2010-4282.yaml

Associated Vulnerability

Title:Artica Pandora FMS多个目录遍历漏洞 (CVE-2010-4282)
Description:Pandora FMS（Flexible Monitoring System）是Pandora FMS团队的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Pandora FMS 3.1.1之前版本中存在多个目录遍历漏洞。远程攻击者可以借助(1)对ajax.php文件传递的page参数，或者(2)对general/pandora_help.php文件传递的id参数包含并执行任意本地文件；远程攻击者也可以借助(3)对operation/agentes/networkmap.

Description

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.

File Snapshot


 id: CVE-2010-4282

info:
  name: phpShowtime 2.0 - Directory Traversal
  author: daffainfo
  severit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!