CVE-2010-4283

Pandora FMS < 3.1 - Remote Code Execution via argv[1] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4283. PoCs published by Juan Galiana Lara.

AI-analyzed exploit summary The document describes multiple vulnerabilities in Pandora FMS, including path traversal, local file inclusion (LFI), and remote file inclusion (RFI) issues. It provides proof-of-concept examples for exploiting these vulnerabilities, particularly focusing on CVE-2010-4283, which involves arbitrary PHP code injection via the `argv[1]` parameter in `pandora_diag.php`.

Description

PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter.

Exploits (1)

exploitdb WRITEUP

by Juan Galiana Lara · textwebappsphp

https://www.exploit-db.com/exploits/15643

View Code ZIP pw:eip

The document describes multiple vulnerabilities in Pandora FMS, including path traversal, local file inclusion (LFI), and remote file inclusion (RFI) issues. It provides proof-of-concept examples for exploiting these vulnerabilities, particularly focusing on CVE-2010-4283, which involves arbitrary PHP code injection via the `argv[1]` parameter in `pandora_diag.php`.

Classification

Writeup 100%

Attack Type

Rce | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Pandora FMS versions prior to and including 3.1

No auth needed

Prerequisites: register_globals set to On for CVE-2010-4283 · Windows environment for certain path traversal exploits

MITRE ATT&CK