Description
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager, where a privileged user could upload a .php file outside the intended images directory, which is restricted from executing .php files. The impact could lead to Remote Code Execution with the privileges of the running application.
References
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 7.0_ng_760
cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*
EPSS
Percentile: 86%
0.02785
Low
5.7 Medium
CVSS3
7.2 High
CVSS3
Weaknesses
CWE-23
CWE-22
Related vulnerabilities
CVSS3: 7.2
github
more than 3 years ago
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager, where a privileged user could upload a .php file outside the intended images directory, which is restricted from executing .php files. The impact could lead to Remote Code Execution with the privileges of the running application.