CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41790 – Traversal Path on PHP file
https://notcve.org/view.php?id=CVE-2023-41790
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773. Vulnerabilidad no controlada del elemento de ruta de búsqueda en Pandora FMS permite aprovechar/manipular rutas de búsqueda de archivos de configuración. Esta vulnerabilidad permite acceder al archivo de configuración del servidor y comprometer la base de datos. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41789 – Unauthenticated Admin Account Takeover Via XSS
https://notcve.org/view.php?id=CVE-2023-41789
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an attacker to perform cookie hijacking and log in as that user without the need for credentials. This issue affects Pandora FMS: from 700 through 773. La vulnerabilidad de Neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pandora FMS permite en todos los casos Cross-Site Scripting (XSS). Esta vulnerabilidad permite a un atacante secuestrar cookies e iniciar sesión como ese usuario sin necesidad de credenciales. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41788 – Remote Code Execution via File Uploader
https://notcve.org/view.php?id=CVE-2023-41788
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permite a los atacantes ejecutar código mediante la carga de archivos PHP. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41787 – Arbitrary File Read
https://notcve.org/view.php?id=CVE-2023-41787
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows access to files with sensitive information. This issue affects Pandora FMS: from 700 through 772. Vulnerabilidad no controlada del elemento de ruta de búsqueda en Pandora FMS permite aprovechar/manipular rutas de búsqueda de archivos de configuración. Esta vulnerabilidad permite el acceso a archivos con información sensible. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41786 – Database backups availability by low-privileged users
https://notcve.org/view.php?id=CVE-2023-41786
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772. Vulnerabilidad de exposición de información sensible a un actor no autorizado en Pandora FMS en todos los casos que permite File Discovery. Esta vulnerabilidad permite a los usuarios con privilegios bajos descargar copias de seguridad de bases de datos. • https://https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •