Traversal Path on PHP file
CVE-2023-41790

9.8CRITICAL

Key Information:

Vendor: Pandora FMS
Status: Pandora FMS
Vendor: CVE Published:; 23 November 2023

🔔 Create Pandora FMS Vulnerability Alert

What is CVE-2023-41790?

The vulnerability present in Pandora FMS versions 700 to 773 allows unauthorized manipulation of the configuration file search paths. This flaw can lead to the exposure of sensitive server configuration files and potentially compromise the database. Attackers can leverage this weakness to access critical system resources and gain unauthorized privileges.

Affected Version(s)

Pandora FMS all 700 <= 773

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Oliver Brooks <[email protected]>