CVE-2023-24517

MEDIUM

Pandora FMS < 767 - Unauthenticated Unrestricted Upload of File with Dangerous Type via File Manager

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-24517. PoCs published by Argonx21.

AI-analyzed exploit summary The repository contains only a README.md file with a CVE identifier and no additional technical details or exploit code. It lacks any functional content or analysis.

Description

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Exploits (1)

nomisec STUB

by Argonx21 · poc

https://github.com/Argonx21/CVE-2023-24517

View Code ZIP pw:eip

The repository contains only a README.md file with a CVE identifier and no additional technical details or exploit code. It lacks any functional content or analysis.

Classification

Stub 100%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Scores

CVSS v3 6.4

EPSS 0.0095

EPSS Percentile 56.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

pandorafms/pandora_fms < 767

Published Aug 22, 2023

Tracked Since Feb 18, 2026