Lucene search

MitreCVE-2010-4281

HistoryDec 02, 2010 - 5:15 p.m.

CVE-2010-4281

2010-12-0217:15:00

CWE-94

mitre

web.nvd.nist.gov

cve

2010

4281

vulnerability

ajax.php

pandora fms

remote attackers

arbitrary php code

unc share pathname

security issue

nvd

exploit

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.016

Percentile

87.3%

JSON

Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character.

Affected configurations

Nvd

Node

articapandora_fmsRange≤3.1

articapandora_fmsMatch1.2

articapandora_fmsMatch1.3

articapandora_fmsMatch1.3beta

articapandora_fmsMatch1.3beta1

articapandora_fmsMatch1.3beta2

articapandora_fmsMatch1.3beta3

articapandora_fmsMatch1.3.1

articapandora_fmsMatch2.0

articapandora_fmsMatch2.0beta

articapandora_fmsMatch2.1

articapandora_fmsMatch2.1.1

articapandora_fmsMatch3.0

articapandora_fmsMatch3.0rc1

articapandora_fmsMatch3.0rc2

articapandora_fmsMatch3.1rc1

VendorProductVersionCPE
articapandora_fms*cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
articapandora_fms1.2cpe:2.3:a:artica:pandora_fms:1.2:*:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:*:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta1:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta2:*:*:*:*:*:*
articapandora_fms1.3cpe:2.3:a:artica:pandora_fms:1.3:beta3:*:*:*:*:*:*
articapandora_fms1.3.1cpe:2.3:a:artica:pandora_fms:1.3.1:*:*:*:*:*:*:*
articapandora_fms2.0cpe:2.3:a:artica:pandora_fms:2.0:*:*:*:*:*:*:*
articapandora_fms2.0cpe:2.3:a:artica:pandora_fms:2.0:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
artica	pandora_fms	*	cpe:2.3:a:artica:pandora_fms::::::::
artica	pandora_fms	1.2	cpe:2.3:a:artica:pandora_fms:1.2:::::::*
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:::::::*
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta::::::
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta1::::::
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta2::::::
artica	pandora_fms	1.3	cpe:2.3:a:artica:pandora_fms:1.3:beta3::::::
artica	pandora_fms	1.3.1	cpe:2.3:a:artica:pandora_fms:1.3.1:::::::*
artica	pandora_fms	2.0	cpe:2.3:a:artica:pandora_fms:2.0:::::::*
artica	pandora_fms	2.0	cpe:2.3:a:artica:pandora_fms:2.0:beta::::::

Rows per page:

1-10 of 161

References

osvdb.org/69546

seclists.org/fulldisclosure/2010/Nov/326

secunia.com/advisories/42347

sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

www.exploit-db.com/exploits/15643

www.securityfocus.com/archive/1/514939/100/0/threaded

www.securityfocus.com/bid/45112