cvedb.io
CVE-2021-36697
MEDIUM · CVSS 6.7
EPSS exploitation probability: 0%
Published 2021-11-03T12:15:07.643 · Last modified 2026-06-17T03:59:00.990

Summary

With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.

Affected products

artica — pandora_fms

Does this affect you?

Add your gear to cvedb and we'll alert you only when artica ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.