What is CVE-2010-4282?

CVE-2010-4282 is a vulnerability in Artica Pandora_fms, classified under Path Traversal. Published 2010-12-02.

Is CVE-2010-4282 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Artica Pandora_fms

CVE-2010-4282

Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and al…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.049 (89.8th percentile) — read the EPSS interpretation.

Affected products

Artica Pandora_fms — versions 2.0, 1.3, 3.0
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

69545 (x_refsource_OSVDB, vdb-entry)
42347 (x_refsource_SECUNIA, third-party-advisory)
20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Patch)
69543 (x_refsource_OSVDB, vdb-entry)
45112 (Patch, vdb-entry, x_refsource_BID)
69544 (x_refsource_OSVDB, vdb-entry)
20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities (mailing-list, x_refsource_FULLDISC)
15643 (Exploit, exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2010-4282?: CVE-2010-4282 is a vulnerability in Artica Pandora_fms, classified under Path Traversal. Published 2010-12-02.
Is CVE-2010-4282 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.