Share:

CVE-2021-34074 - Pandorafms Pandora Fms

June 25, 2021

Critical 9.8

PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.

Affected software

Pandorafms Pandora Fms

Reference links

https://k4m1ll0.com/cve-pandorafms754-chained-xss-rce.html

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.