CVE-2010-4282

critical

Description

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.

References

http://www.securityfocus.com/bid/45112

http://www.securityfocus.com/archive/1/514939/100/0/threaded

http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

http://secunia.com/advisories/42347

http://seclists.org/fulldisclosure/2010/Nov/326

http://osvdb.org/69545

http://osvdb.org/69544

http://osvdb.org/69543

Details

Source: Mitre, NVD

Published: 2010-12-02

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.19495