CVE-2023-41793

Published: Mar 19, 2024Modified: Sep 16, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.

Affected (1)

Products: Artica: Pandora Fms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Artica Pandora Fms	From 700 to 776

Related CWEs

Path Traversal: '.../...//'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

References (2)

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Source: security@pandorafms.com

Vendor Advisory

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.