CVE-2022-26309 LOW

CVE-2022-26309: Cross-Site Request en Bulk operation (User operation)

Vendor Artica Pfms

Product Pandora FMS

Weakness CWE-352 · CSRF

Published August 1, 2022

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.

Key dates

02Disclosure timeline

August 1, 2022 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-26309 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2023-1926 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'deleteCacheToolbar' CVE-2025-57992 WordPress Mail Baby SMTP plugin <= 2.8 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-31328 Cross-Site Request Forgery (CSRF) vulnerability in SAP S/4 HANA (Learning Solution) CVE-2023-6008 UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions CVE-2022-36424 WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF)