|
81125 | 81125 | "session_types": false,
|
81126 | 81126 | "needs_cleanup": true
|
81127 | 81127 | },
|
| 81128 | + "exploit_linux/http/pandora_itsm_auth_rce_cve_2025_4653": { |
| 81129 | + "name": "Pandora ITSM authenticated command injection leading to RCE via the backup function", |
| 81130 | + "fullname": "exploit/linux/http/pandora_itsm_auth_rce_cve_2025_4653", |
| 81131 | + "aliases": [], |
| 81132 | + "rank": 600, |
| 81133 | + "disclosure_date": "2025-06-10", |
| 81134 | + "type": "exploit", |
| 81135 | + "author": [ |
| 81136 | + |
| 81137 | + ], |
| 81138 | + "description": "Pandora ITSM is a platform for Service Management & Support including a Helpdesk for support\n and customer service teams, aligned with ITIL processes.\n This module exploits a command injection vulnerability in the `name` backup setting at the\n application setup page of Pandora ITSM. This can be triggered by generating a backup with a\n malicious payload injected at the `name` parameter.\n You need to have admin access at the Pandora ITSM Web application in order to execute this RCE.\n This access can be achieved by knowing the admin credentials to access the web application or\n leveraging a default password vulnerability in Pandora ITSM that allows an attacker to access\n the Pandora FMS ITSM database, create a new admin user and gain administrative access to the\n Pandora ITSM Web application. This attack can be remotely executed over the WAN as long as the\n MySQL services are exposed to the outside world.\n This issue affects all ITSM Enterprise editions up to `5.0.105` and is patched at `5.0.106`.", |
| 81139 | + "references": [ |
| 81140 | + "CVE-2025-4653", |
| 81141 | + "URL-https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", |
| 81142 | + "URL-https://github.com/h00die-gr3y/h00die-gr3y/security/advisories/GHSA-m4f8-9c8x-8f3f", |
| 81143 | + "URL-https://attackerkb.com/topics/wgCb1QQm1t/cve-2025-4653" |
| 81144 | + ], |
| 81145 | + "platform": "Linux,Unix", |
| 81146 | + "arch": "cmd", |
| 81147 | + "rport": 443, |
| 81148 | + "autofilter_ports": [ |
| 81149 | + 80, |
| 81150 | + 8080, |
| 81151 | + 443, |
| 81152 | + 8000, |
| 81153 | + 8888, |
| 81154 | + 8880, |
| 81155 | + 8008, |
| 81156 | + 3000, |
| 81157 | + 8443 |
| 81158 | + ], |
| 81159 | + "autofilter_services": [ |
| 81160 | + "http", |
| 81161 | + "https" |
| 81162 | + ], |
| 81163 | + "targets": [ |
| 81164 | + "Unix/Linux Command" |
| 81165 | + ], |
| 81166 | + "mod_time": "2025-08-06 08:22:06 +0000", |
| 81167 | + "path": "/modules/exploits/linux/http/pandora_itsm_auth_rce_cve_2025_4653.rb", |
| 81168 | + "is_install_path": true, |
| 81169 | + "ref_name": "linux/http/pandora_itsm_auth_rce_cve_2025_4653", |
| 81170 | + "check": true, |
| 81171 | + "post_auth": true, |
| 81172 | + "default_credential": false, |
| 81173 | + "notes": { |
| 81174 | + "Stability": [ |
| 81175 | + "crash-safe" |
| 81176 | + ], |
| 81177 | + "SideEffects": [ |
| 81178 | + "artifacts-on-disk", |
| 81179 | + "ioc-in-logs" |
| 81180 | + ], |
| 81181 | + "Reliability": [ |
| 81182 | + "repeatable-session" |
| 81183 | + ] |
| 81184 | + }, |
| 81185 | + "session_types": false, |
| 81186 | + "needs_cleanup": null |
| 81187 | + }, |
81128 | 81188 | "exploit_linux/http/pandora_ping_cmd_exec": {
|
81129 | 81189 | "name": "Pandora FMS Ping Authenticated Remote Code Execution",
|
81130 | 81190 | "fullname": "exploit/linux/http/pandora_ping_cmd_exec",
|
|