漏洞描述
Artica Pandora FMS是西班牙Artica公司的一套监控系统,在 Artica Pandora FMS 到 7.42中,未经身份验证的攻击者可以读取聊天记录。该文件采用 JSON 格式,包含用户名、用户 ID、私人消息和时间戳。
Artica Pandora FMS未授权访问(CVE-2020-8497)
PoC代码
暂无相关漏洞推荐
- POC CVE-2018-11222: Pandora FMS <=7.0NG.722 - Remote Code Execution
- POC CVE-2019-20224: Pandora FMS 7.0NG - Remote Command Injection
- POC CVE-2020-13158: Artica Proxy Community Edition <4.30.000000 - Local File Inclusion
- POC CVE-2020-13851: Artica Pandora FMS 7.44 - Remote Code Execution
- POC CVE-2020-17505: Artica Web Proxy 4.30 - OS Command Injection
- POC CVE-2020-17506: Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection
- POC CVE-2020-8497: Artica Pandora FMS <=7.42 - Arbitrary File Read
- POC CVE-2022-37153: Artica Proxy 4.30.000000 - Cross-Site Scripting
- POC CVE-2024-11320: Pandora v7.0NG.777.3 - Remote Code Execution
- POC CVE-2024-2053: Artica Proxy - Unauthenticated LFI
- POC CVE-2019-20224: PandoraFMS v7.0NG Post-auth Remote Code Execution
- POC pandora-fms-installer: Pandora FMS Installation Page - Exposure
- Artica Proxy Loopback服务认证绕过漏洞