PT-2023-28090 · Unknown · Pandora Fms
Published: 2023-11-23 · Updated: 2024-01-09 · CVE-2023-41788
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pandora FMS versions 700 through 773
Description
An Unrestricted Upload of File with Dangerous Type vulnerability allows attackers to execute code via PHP file uploads. The vulnerability enables access to functionality not properly constrained by ACLs.
Recommendations
To prevent code execution by attackers, consider restricting or disabling PHP file uploads on Pandora FMS versions 700 through 773 until a patch is available.
Fix
Unrestricted File Upload
Affected Products
Pandora Fms