CVE-2010-4282

nvd nist nuclei

Published: Dec 2, 2010Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.

Affected (16)

Products: Artica: Pandora Fms

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Artica Pandora Fms	Up to 3.1
Artica Pandora Fms	Version 1.2
Artica Pandora Fms	Version 1.3.1
Artica Pandora Fms	Version 1.3
Artica Pandora Fms	Version 1.3 beta1
Artica Pandora Fms	Version 1.3 beta2
Artica Pandora Fms	Version 1.3 beta3
Artica Pandora Fms	Version 1.3 beta
Artica Pandora Fms	Version 2.0
Artica Pandora Fms	Version 2.0 beta
Artica Pandora Fms	Version 2.1.1
Artica Pandora Fms	Version 2.1
Artica Pandora Fms	Version 3.0
Artica Pandora Fms	Version 3.0 rc1
Artica Pandora Fms	Version 3.0 rc2
Artica Pandora Fms	Version 3.1 rc1

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (18)

http://osvdb.org/69543

Source: cve@mitre.org

http://osvdb.org/69544

Source: cve@mitre.org

http://osvdb.org/69545

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2010/Nov/326

Source: cve@mitre.org

http://secunia.com/advisories/42347

Source: cve@mitre.org

http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

Source: cve@mitre.org

Patch

http://www.exploit-db.com/exploits/15643

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/514939/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/45112

Source: cve@mitre.org

Patch

http://osvdb.org/69543

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/69544

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/69545

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2010/Nov/326

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42347

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.exploit-db.com/exploits/15643

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/archive/1/514939/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45112

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.