{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T15:22:38.776","vulnerabilities":[{"cve":{"id":"CVE-2022-1648","sourceIdentifier":"cve-coordination@incibe.es","published":"2022-07-26T15:15:10.513","lastModified":"2024-11-21T06:41:10.350","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege."},{"lang":"es","value":"Pandora FMS versión v7.0NG.760 y anteriores, permite un salto de ruta relativo en el Administrador de Archivos en el que un usuario con privilegios podría cargar un archivo .php fuera del directorio de imágenes previsto que está restringido para ejecutar el archivo .php. El impacto podría conllevar a una Ejecución de Código Remota con privilegio de aplicación en ejecución."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.2,"impactScore":5.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-23"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0_ng_760","matchCriteriaId":"F9ACE0CF-C204-470A-B706-969837339CDC"}]}]}],"references":[{"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/","source":"cve-coordination@incibe.es","tags":["Vendor Advisory"]},{"url":"https://www.incibe.es/en/cve-assignment-publication/coordinated-cves","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]},{"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.incibe.es/en/cve-assignment-publication/coordinated-cves","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}