← back
CVE-2019-20224

CVE-2019-20224

EPSS 49.7%
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 49.7%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
09 Jan 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742.
Affected products
n/a · n/a