CVE-2022-1648

Summary

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.

Affected Software

VendorProductVersion RangeStatus
Artica PFMSPandora FMSv760 <= v760affected

Weaknesses

  • CWE-23: CWE-23 Relative Path Traversal

ADP Enrichment

CVE Program Container

Additional References

References