CVE-2022-1648
Relative Path Traversal to Remote Code Execution in File Manager
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.
Pandora FMS versión v7.0NG.760 y anteriores, permite un salto de ruta relativo en el Administrador de Archivos en el que un usuario con privilegios podría cargar un archivo .php fuera del directorio de imágenes previsto que está restringido para ejecutar el archivo .php. El impacto podría conllevar a una Ejecución de Código Remota con privilegio de aplicación en ejecución.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-10 CVE Reserved
- 2022-07-26 CVE Published
- 2024-09-16 CVE Updated
- 2024-10-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-23: Relative Path Traversal
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.incibe.es/en/cve-assignment-publication/coordinated-cves | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures | 2022-08-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pandorafms Search vendor "Pandorafms" | Pandora Fms Search vendor "Pandorafms" for product "Pandora Fms" | <= 7.0_ng_760 Search vendor "Pandorafms" for product "Pandora Fms" and version " <= 7.0_ng_760" | - |
Affected
| ||||||