From 424fda4587c212fa6182e61d53437567d8b39acc Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Wed, 21 Jun 2023 17:39:03 +0800
Subject: [PATCH] Create
PandoraFMS_upload_head_image.php_Arbitrary_File_Upload_Vulnerability.md
add PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability
---
..._image.php_Arbitrary_File_Upload_Vulnerability.md | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 PandoraFMS_upload_head_image.php_Arbitrary_File_Upload_Vulnerability.md
diff --git a/PandoraFMS_upload_head_image.php_Arbitrary_File_Upload_Vulnerability.md b/PandoraFMS_upload_head_image.php_Arbitrary_File_Upload_Vulnerability.md
new file mode 100644
index 0000000..1e5999f
--- /dev/null
+++ b/PandoraFMS_upload_head_image.php_Arbitrary_File_Upload_Vulnerability.md
@@ -0,0 +1,12 @@
+## PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability
+
+| **Vulnerability** | **PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability** |
+| :----: | :-----|
+| **Chinese name** | PandoraFMS 软件 upload_head_image.php 任意文件上传漏洞 |
+| **CVSS core** | 9.0 |
+| **FOFA Query** (click to view the results directly)| [body="pandora_console/"](https://en.fofa.info/result?qbase64=Ym9keT0icGFuZG9yYV9jb25zb2xlLyI%3D) |
+| **Number of assets affected** | 768 |
+| **Description** | PandoraFMS is an application software of American PandoraFMS. Provides a monitoring function.
There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions. |
+| **Impact** | There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions. |
+
+