exploitDog

CVE-2023-24517

Опубликовано: 22 авг. 2023

Источник: nvd

CVSS3: 6.4

CVSS3: 7.2

EPSS Низкий

Описание

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Ссылки

https://gist.github.com/Argonx21/9ab62f6e5d8bc6d39b8a338426af121e
Exploit
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory
https://gist.github.com/Argonx21/9ab62f6e5d8bc6d39b8a338426af121e
Exploit
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

Версия до 767 (включая)

EPSS

Процентиль: 53%

0.00299

Низкий

6.4 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-gg3j-5crr-vx4f

CVSS3: 6.4

github

больше 2 лет назад

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.

EPSS

Процентиль: 53%

0.00299

Низкий

6.4 Medium

CVSS3

7.2 High

CVSS3

Дефекты

CWE-434

CWE-434