← voltar
CVE-2022-43979

Path Traversal leading to Local File Inclusion

CVSS 5.9 MEDIUMEPSS 0.8%CWE-434
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.9EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
27 jan 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution.
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L
Produtos afetados
Artica PFMS · Pandora FMS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/