NVD

Id
15553  
Name
CVE-2010-4281  
Description
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-12-02  
Modified Date
2010-12-10  
Seq
2010-4281  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
88022 15553 CVE-2010-4281 20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities  View
88023 15553 CVE-2010-4281 http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download  View
88024 15553 CVE-2010-4281 15643  View
88025 15553 CVE-2010-4281 20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities  View
88026 15553 CVE-2010-4281 45112  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
37629 JVNDB-2010-003414 Pandora FMS の safe_url_extraclean 関数における任意の PHP コードを実行される脆弱性 Pandora FMS の safe_url_extraclean 関数には、: コロン文字のチェック処理に不備があるため、任意の PHP コードを実行される脆弱性が存在します。 CVE-2010-4281 46861 CVE-2010-4281 15553 7.5 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-003414.html 2010-12-02 2012-03-27 View