CVE-2021-36697
CVE-2021-36697CVE-2021-36697
artica / pandora_fms
Description
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
Scoring
| CVSS | 6.7 () |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| Last modified | 2026-07-05 |