Remote Code Execution via File Uploader
CVE-2023-41788

8.8HIGH

Key Information:

Vendor: Pandora FMS
Status: Pandora FMS
Vendor: CVE Published:; 23 November 2023

🔔 Create Pandora FMS Vulnerability Alert

What is CVE-2023-41788?

An unrestricted file upload vulnerability in Pandora FMS allows malicious users to upload PHP files without appropriate constraints on Access Control Lists (ACLs). This oversight permits attackers to execute arbitrary code on the server, posing significant security risks to the integrity and confidentiality of the system.

Affected Version(s)

Pandora FMS all 700 <= 773

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Oliver Brooks <[email protected]>