CVE-2010-4282 Information

Description

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.

Reference

http://osvdb.org/69543
http://osvdb.org/69544
http://osvdb.org/69545
http://seclists.org/fulldisclosure/2010/Nov/326
http://secunia.com/advisories/42347
http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
http://www.exploit-db.com/exploits/15643
http://www.securityfocus.com/archive/1/514939/100/0/threaded
http://www.securityfocus.com/bid/45112
