PT-2022-14023 · Unknown · Pandora Fms

Published: 2022-07-26 · Updated: 2022-08-02 · CVE-2022-1648

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 7.0NG.760 and below

Description: The issue allows a relative path traversal in the File Manager, enabling a privileged user to upload a .php file outside the intended images directory. This could lead to remote code execution with the privileges of the running application.

Recommendations: For Pandora FMS versions 7.0NG.760 and below, consider restricting access to the File Manager to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using the File Manager to upload files, especially .php files, to prevent potential remote code execution.

Fix

Path traversal

Relative Path Traversal

Weakness Enumeration

Related Identifiers

CVE-2022-1648

Affected Products

Pandora Fms