Uploading executables via the file manager
CVE-2023-41812

8.8HIGH

Key Information:

Vendor: Pandora FMS
Status: Pandora FMS
Vendor: CVE Published:; 23 November 2023

🔔 Create Pandora FMS Vulnerability Alert

What is CVE-2023-41812?

The vulnerability in Pandora FMS allows for the unrestricted upload of PHP executable files via its file manager. This loophole permits unauthorized access to functionality that is not adequately constrained by Access Control Lists (ACLs), posing a significant security risk. Affected versions include Pandora FMS from 700 to 773, and organizations should take immediate action to mitigate any potential threats arising from this vulnerability.

Affected Version(s)

Pandora FMS all 700 <= 773

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Osama Yousef <[email protected]>