CVE-2023-41812: Uploading executables via the file manager
First published: Thu Nov 23 2023(Updated: )
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773.
Credit: security@pandorafms.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | >=700<774 |
Remedy
Fixed in v774 and v772.2.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2023-41812.
What is the severity score of CVE-2023-41812?
The severity score of CVE-2023-41812 is 8.8 (High).
What is the affected software of CVE-2023-41812?
The affected software of CVE-2023-41812 is Pandora FMS version 700 through 773.
What is the description of CVE-2023-41812?
CVE-2023-41812 is a vulnerability in Pandora FMS that allows the unrestricted upload of PHP executable files through the file manager.
Is there a fix available for CVE-2023-41812?
The fix for CVE-2023-41812 is not mentioned in the provided information. Please refer to the provided reference link for more information.
- collector/nvd-api
- agent/title
- agent/weakness
- agent/event
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/artica
- canonical/artica pandora fms
- version/artica pandora fms/700