CVE-2023-34096 in ThrukИнформация

Сводка

по MITRE • 08.06.2023

Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Ответственный

GitHub, Inc.

Резервировать

25.05.2023

Раскрытие

08.06.2023

Модерация

принято

Вход

VDB-231110

Эксплойт

Скачать

EPSS

0.62682

KEV

Нет

Деятельности

Очень низкий

Источники

Might our Artificial Intelligence support you?

Check our Alexa App!