With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-11-03T11:33:57

Updated: 2024-08-04T01:01:59.056Z

Reserved: 2021-07-12T00:00:00

Link: CVE-2021-36697

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-11-03T12:15:07.643

Modified: 2021-11-05T12:16:40.190

Link: CVE-2021-36697

cve-icon Redhat

No data.