CVE-2022-43979

Name of the Vulnerable Software and Affected Versions Pandora FMS version 7.64

Description The issue is related to a Path Traversal that leads to a Local File Inclusion. A function is called to check the parameter inserted by the user for malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to include any PHP file on the disk. This could lead to remote code execution.

Recommendations For Pandora FMS version 7.64, consider restricting access to the vulnerable function until a patch is available. As a temporary workaround, avoid using absolute paths in user-inserted parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.