|
71698 | 71698 | "session_types": false, |
71699 | 71699 | "needs_cleanup": null |
71700 | 71700 | }, |
| 71701 | + "exploit_linux/http/pandora_fms_auth_rce_cve_2024_12971": { |
| 71702 | + "name": "Pandora FMS authenticated command injection leading to RCE via chromium_path or phantomjs_bin", |
| 71703 | + "fullname": "exploit/linux/http/pandora_fms_auth_rce_cve_2024_12971", |
| 71704 | + "aliases": [], |
| 71705 | + "rank": 600, |
| 71706 | + "disclosure_date": "2025-03-17", |
| 71707 | + "type": "exploit", |
| 71708 | + "author": [ |
| 71709 | + |
| 71710 | + ], |
| 71711 | + "description": "Pandora FMS is a monitoring solution that provides full observability for your organization's\n technology. This module exploits an command injection vulnerability in the `chromium-path` or\n `phantomjs-bin` directory setting at the application settings page of Pandora FMS.\n You need have admin access at the Pandora FMS Web application in order to execute this RCE.\n This access can be achieved by knowing the admin credentials to access the web application or\n leveraging a default password vulnerability in Pandora FMS that allows an attacker to access\n the Pandora FMS MySQL database, create a new admin user and gain administrative access to the\n Pandora FMS Web application. This attack can be remotely executed over the WAN as long as the\n MySQL services are exposed to the outside world.\n This issue affects Community, Free and Enterprise editions:\n - chromium-path: from v7.0NG.768 through <= v7.0NG.780\n - phantomjs-bin: from v7.0NG.724 through <= v7.0NG.767\n\n Note: use target setting 2 \"Tiny Reverse Netcat Command\" for versions <= v7.0NG.738", |
| 71712 | + "references": [ |
| 71713 | + "CVE-2024-12971", |
| 71714 | + "URL-https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", |
| 71715 | + "URL-https://attackerkb.com/topics/BJe14wkMYS/cve-2024-12971" |
| 71716 | + ], |
| 71717 | + "platform": "Linux,PHP,Unix", |
| 71718 | + "arch": "cmd, php", |
| 71719 | + "rport": 443, |
| 71720 | + "autofilter_ports": [ |
| 71721 | + 80, |
| 71722 | + 8080, |
| 71723 | + 443, |
| 71724 | + 8000, |
| 71725 | + 8888, |
| 71726 | + 8880, |
| 71727 | + 8008, |
| 71728 | + 3000, |
| 71729 | + 8443 |
| 71730 | + ], |
| 71731 | + "autofilter_services": [ |
| 71732 | + "http", |
| 71733 | + "https" |
| 71734 | + ], |
| 71735 | + "targets": [ |
| 71736 | + "PHP Command", |
| 71737 | + "Unix/Linux Command", |
| 71738 | + "Tiny Reverse Netcat Command (use THIS for versions <= v738)" |
| 71739 | + ], |
| 71740 | + "mod_time": "2025-04-07 14:29:51 +0000", |
| 71741 | + "path": "/modules/exploits/linux/http/pandora_fms_auth_rce_cve_2024_12971.rb", |
| 71742 | + "is_install_path": true, |
| 71743 | + "ref_name": "linux/http/pandora_fms_auth_rce_cve_2024_12971", |
| 71744 | + "check": true, |
| 71745 | + "post_auth": true, |
| 71746 | + "default_credential": false, |
| 71747 | + "notes": { |
| 71748 | + "Stability": [ |
| 71749 | + "crash-safe" |
| 71750 | + ], |
| 71751 | + "SideEffects": [ |
| 71752 | + "artifacts-on-disk", |
| 71753 | + "ioc-in-logs" |
| 71754 | + ], |
| 71755 | + "Reliability": [ |
| 71756 | + "repeatable-session" |
| 71757 | + ] |
| 71758 | + }, |
| 71759 | + "session_types": false, |
| 71760 | + "needs_cleanup": null |
| 71761 | + }, |
71701 | 71762 | "exploit_linux/http/pandora_fms_events_exec": { |
71702 | 71763 | "name": "Pandora FMS Events Remote Command Execution", |
71703 | 71764 | "fullname": "exploit/linux/http/pandora_fms_events_exec", |
|
0 commit comments