Lucene search

K
cvelistPandoraFMSCVELIST:CVE-2023-41793
HistoryMar 19, 2024 - 4:34 p.m.

CVE-2023-41793 Path Traversal and Untrusted Upload File

2024-03-1916:34:48
CWE-35
PandoraFMS
www.cve.org
cve-2023-41793
path traversal
untrusted upload file
pandora fms
vulnerability
directory change
file creation

6.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

9.0%

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.ย This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.ย This issue affects Pandora FMS: from 700 through <776.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThanOrEqual": "<776",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]

6.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2023-41793