Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-5844 PoC — Artica Pandora FMS 代码问题漏洞

Source
https://github.com/TheCyberGeek/CVE-2020-5844
Associated Vulnerability
Title:Artica Pandora FMS 代码问题漏洞 (CVE-2020-5844)
Description:index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.
Readme
# CVE-2020-5844

## Authenticated RCE in PandoraFMS 7.0-NG 742
Admin privileged attackers can upload malicious PHP documents. By decoding the base64 file location users can gain a shell as apache user. 

Discovered by TheCyberGeek

## PoC python script
```
Usage: python3 CVE-2020-5844.py URL USER PASS PHP_REVERSE_SHELL
Ex: python3 CVE-2020-5844.py http://10.0.0.2/pandora_console admin pandora reverse.php
```
File Snapshot

 [4.0K]  /data/pocs/abef9489257c7a15333a93dfb43e305f26e89e1d
├── [2.1K]  CVE-2020-5844.py
└── [ 412]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →