This is a vulnerability writeup describing a Local File Include (LFI) vulnerability in Pandora FMS v4.0.1. The vulnerability allows an attacker to include local files via the 'sec2' parameter in the 'services' module.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Pandora FMS v4.0.1
Auth required
Prerequisites:Access to a privileged user account · Network access to the Pandora FMS application