CVE-2023-41788: Remote Code Execution via File Uploader
First published: Thu Nov 23 2023(Updated: )
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773.
Credit: security@pandorafms.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | >=700<774 |
Remedy
Fixed in v774 and v772.2.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-41788?
CVE-2023-41788 is a remote code execution vulnerability in Pandora FMS that allows attackers to execute code via PHP file uploads.
How does CVE-2023-41788 affect Pandora FMS?
CVE-2023-41788 affects Pandora FMS versions 700 through 773, allowing attackers to execute code via PHP file uploads.
What is the severity of CVE-2023-41788?
The severity of CVE-2023-41788 is high with a CVSS score of 8.8.
How can I fix CVE-2023-41788?
To fix CVE-2023-41788, update Pandora FMS to a version higher than 773 and apply any available patches.
Where can I find more information about CVE-2023-41788?
You can find more information about CVE-2023-41788 on the Pandora FMS website at: [https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/](https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/)
- collector/nvd-api
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/title
- agent/description
- agent/tags
- agent/source
- vendor/artica
- canonical/artica pandora fms
- version/artica pandora fms/700