## PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability

|   **Vulnerability**  | **PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability**  |
| :----:   | :-----|
| **Chinese name**  | PandoraFMS 软件 upload_head_image.php 任意文件上传漏洞 |
| **CVSS core**  | 9.0 |
| **FOFA Query**  (click to view the results directly)| [body="pandora_console/"](https://en.fofa.info/result?qbase64=Ym9keT0icGFuZG9yYV9jb25zb2xlLyI%3D) |
| **Number of assets affected**  | 768 |
| **Description**  | PandoraFMS is an application software of American PandoraFMS. Provides a monitoring function.<br></p><p>There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions. |
| **Impact** | There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions. |

![](https://s3.bmp.ovh/imgs/2023/06/21/c89f35d6d3a29740.gif)