writeups.xyz / Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise

Submitter : c2a

Date: 2 January 2024

Bounty : undisclosed

Vulnerabilities :

• Account Takeover
• Information Disclosure
• RCE
• Unrestricted File Upload
• Stored XSS
• Arbitrary File Read
• Local Privilege Escalation
• Path Traversal
• DoS
• IDOR
• Hardcoded Credentials

Programs :

• PandoraFMS

Authors :

• Oliver Brooks

Link :
https://research.nccgroup.com/2024/01/02/technical-advisory-multiple-vulnerabilities-in-pandorafms-enterprise/