CVE-2020-5844 PoC — Artica Pandora FMS Code Issue Vulnerability

Source
Associated Vulnerability
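Title: Artica Pandora FMS Code Issue Vulnerability (CVE-2020-5844)
Description: Artica Pandora FMS is a monitoring system from the Spanish company Artica. It monitors networks, servers, virtual infrastructure, applications and more through a visual interface. In Pandora FMS v7.0 NG, index.php?sec=godmode/extensions&sec2=extensions/files_repo contains a security vulnerability. An attacker can exploit it to upload and execute malicious PHP scripts by using the base64-encoded file location.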
Readme
# CVE-2020-5844

## Authenticated RCE in PandoraFMS 7.0-NG 742
Admin-privileged attackers can upload malicious PHP documents. By decoding the base64 file location, users can gain a shell as the apache user.

Discovered by TheCyberGeek

## PoC python script
```
Usage: python3 CVE-2020-5844.py URL USER PASS PHP_REVERSE_SHELL
Ex: python3 CVE-2020-5844.py http://10.0.0.2/pandora_console admin pandora reverse.php
```
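
For defenders, a log check for uploads to the endpoint named in the vulnerability description. This is an added example, not part of the original README or PoC; it assumes the console sits behind Apache with common/combined access logs, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Query parameters of the files_repo extension page named in the CVE description.
WATCHED = {"sec": "godmode/extensions", "sec2": "extensions/files_repo"}


def is_files_repo_request(target):
    """True if the request target addresses the files_repo extension page."""
    parts = urlsplit(target)
    if not parts.path.endswith("index.php"):
        return False
    # parse_qs percent-decodes values, so %2F-encoded slashes still match,
    # and parameter order does not matter.
    params = parse_qs(parts.query)
    return all(want in params.get(key, []) for key, want in WATCHED.items())


def find_uploads(lines):
    """Return (ip, timestamp, status) for every POST to the files_repo page."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and is_files_repo_request(m["target"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2020:10:00:01 +0000] "GET /pandora_console/index.php?sec=godmode/extensions&sec2=extensions/files_repo HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Mar/2020:10:00:09 +0000] "POST /pandora_console/index.php?sec=godmode/extensions&sec2=extensions/files_repo HTTP/1.1" 200 5301',
    '198.51.100.7 - - [01/Mar/2020:10:02:44 +0000] "POST /pandora_console/index.php?sec2=extensions%2Ffiles_repo&sec=godmode%2Fextensions HTTP/1.1" 200 5298',
    '198.51.100.7 - - [01/Mar/2020:10:03:00 +0000] "POST /pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, ts, status in find_uploads(SAMPLE):
        print(f"files_repo POST from {ip} at {ts} (status {status})")
```

Legitimate administrator uploads also match, so treat each hit as a lead to correlate with the admin session that made it and with any newly stored `.php` file.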
File Snapshot

```
[4.0K] /data/pocs/abef9489257c7a15333a93dfb43e305f26e89e1d
├── [2.1K] CVE-2020-5844.py
└── [ 412] README.md

0 directories, 2 files
```