CVE-2017-15935

Published: Oct 27, 2017Modified: May 13, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file.

Affected (1)

Products: Artica: Pandora Fms

Artica

1 product

Pandora Fms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artica Pandora Fms	Version 7.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.