nvd-json-data-feeds/CVE-2023/CVE-2023-417xx/CVE-2023-41788.json

{
  "id": "CVE-2023-41788",
  "sourceIdentifier": "security@pandorafms.com",
  "published": "2023-11-23T15:15:08.407",
  "lastModified": "2023-11-29T21:02:14.287",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773."
    },
    {
      "lang": "es",
      "value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo mediante la carga de archivos PHP. Este problema afecta a Pandora FMS: del 700 al 773."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "security@pandorafms.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    },
    {
      "source": "security@pandorafms.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "700",
              "versionEndExcluding": "774",
              "matchCriteriaId": "4BFBB222-690E-4B0B-B345-40BCB34BC8FE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",
      "source": "security@pandorafms.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-11-24T17:00:18.069848+00:00 2023-11-24 17:00:21 +00:00			`{`
			`"id": "CVE-2023-41788",`
			`"sourceIdentifier": "security@pandorafms.com",`
			`"published": "2023-11-23T15:15:08.407",`
Auto-Update: 2023-11-29T23:00:18.446215+00:00 2023-11-29 23:00:22 +00:00			`"lastModified": "2023-11-29T21:02:14.287",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2023-11-24T17:00:18.069848+00:00 2023-11-24 17:00:21 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773."`
			`},`
			`{`
			`"lang": "es",`
			`"value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo mediante la carga de archivos PHP. Este problema afecta a Pandora FMS: del 700 al 773."`
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
Auto-Update: 2023-11-29T23:00:18.446215+00:00 2023-11-29 23:00:22 +00:00			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 8.8,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 5.9`
			`},`
Auto-Update: 2023-11-24T17:00:18.069848+00:00 2023-11-24 17:00:21 +00:00			`{`
			`"source": "security@pandorafms.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "HIGH",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "REQUIRED",`
			`"scope": "CHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "HIGH",`
			`"baseScore": 7.6,`
			`"baseSeverity": "HIGH"`
			`},`
			`"exploitabilityScore": 1.0,`
			`"impactScore": 6.0`
			`}`
			`]`
			`},`
			`"weaknesses": [`
Auto-Update: 2023-11-29T23:00:18.446215+00:00 2023-11-29 23:00:22 +00:00			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-434"`
			`}`
			`]`
			`},`
Auto-Update: 2023-11-24T17:00:18.069848+00:00 2023-11-24 17:00:21 +00:00			`{`
			`"source": "security@pandorafms.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-434"`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-11-29T23:00:18.446215+00:00 2023-11-29 23:00:22 +00:00			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:artica:pandora_fms::::::::",`
			`"versionStartIncluding": "700",`
			`"versionEndExcluding": "774",`
			`"matchCriteriaId": "4BFBB222-690E-4B0B-B345-40BCB34BC8FE"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-11-24T17:00:18.069848+00:00 2023-11-24 17:00:21 +00:00			`"references": [`
			`{`
			`"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/",`
Auto-Update: 2023-11-29T23:00:18.446215+00:00 2023-11-29 23:00:22 +00:00			`"source": "security@pandorafms.com",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-11-24T17:00:18.069848+00:00 2023-11-24 17:00:21 +00:00			`}`
			`]`
			`}`