CVE-2023-41788

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-434"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-41788", "ASSIGNER": "security@pandorafms.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2023-11-23T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "774", "versionStartIncluding": "700"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-11-29T21:02Z"}