← back
CVE-2023-41812

Uploading executables via the file manager

CVSS 5.7 MEDIUMEPSS 0.6%CWE-434
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.7EPSS 0.6%KEV nãoPoC Patch referenciado
Lifecycle
23 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:L
Affected products
Pandora FMS · Pandora FMS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/