CVE-2023-24517

Published: Aug 22, 2023Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Affected (1)

Products: Pandorafms: Pandora Fms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pandorafms Pandora Fms	Up to 767

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://gist.github.com/Argonx21/9ab62f6e5d8bc6d39b8a338426af121e

Source: cve-coordination@incibe.es

Exploit

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Source: cve-coordination@incibe.es

Vendor Advisory

https://gist.github.com/Argonx21/9ab62f6e5d8bc6d39b8a338426af121e

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.