cbcvebase.
CVE-2022-43979
published 2023-01-27

CVE-2022-43979: There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted…

PriorityP351critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.82%
52.7th percentile
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characteres, but this check is insufficient. An attacker could insert an absolute path to overcome the heck, thus being able to incluse any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution.

Affected

2 ranges
VendorProductVersion rangeFixed in
artica_pfmspandora_fmsv764 – v764
pandorafmspandora_fms< 766766
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.