CVE-2019-20224

Description

netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742.

CVSS Version 3.1
CVSS Version 2.0

nvd
CVE ID: CVE-2019-20224
Base Score: 8.8
Base Severity: HIGH
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8

nvd
CVE ID: CVE-2019-20224
Base Score: 9.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:S/C:C/I:C/A:C

Proof Of Concept

Nuclei Templates for CVE-2019-20224

Refrence: Project Discovery GitHub

mhaskar

The offical exploit for Pandora v7.0NG Post-auth Remote Code Execution CVE-2019-20224

Refrence: GitHub

Refrence: NVD

Description​

Proof Of Concept​

Description

Proof Of Concept