Search criteria
162 vulnerabilities found for pandora_fms by artica
FKIE_CVE-2025-5306
Vulnerability from fkie_nvd - Published: 2025-06-27 08:15 - Updated: 2025-09-16 13:25
Severity ?
Summary
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFBF38ED-86D8-4C5B-A879-F97A77D06097",
"versionEndIncluding": "778",
"versionStartIncluding": "774",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales en el campo de directorio Netflow puede permitir la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a Pandora FMS 774 a 778."
}
],
"id": "CVE-2025-5306",
"lastModified": "2025-09-16T13:25:41.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
},
"published": "2025-06-27T08:15:22.277",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-12992
Vulnerability from fkie_nvd - Published: 2025-03-17 10:15 - Updated: 2025-09-16 15:53
Severity ?
Summary
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.
This issue affects Pandora FMS from 700 to 777.6
.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20B79698-C22C-449D-BA89-AC9366168456",
"versionEndExcluding": "777.8",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. \n\nThis issue affects Pandora FMS from 700 to 777.6\n\n."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando permite la inyecci\u00f3n de comandos del sistema operativo mediante RCE. Este problema afecta a Pandora FMS desde la versi\u00f3n 700 hasta la 777.6."
}
],
"id": "CVE-2024-12992",
"lastModified": "2025-09-16T15:53:40.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
},
"published": "2025-03-17T10:15:16.053",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-12971
Vulnerability from fkie_nvd - Published: 2025-03-17 10:15 - Updated: 2025-09-16 15:55
Severity ?
Summary
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20B79698-C22C-449D-BA89-AC9366168456",
"versionEndExcluding": "777.8",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6"
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de comando permite la inyecci\u00f3n de comandos del sistema operativo. Este problema afecta a Pandora FMS de 700 a 777.6"
}
],
"id": "CVE-2024-12971",
"lastModified": "2025-09-16T15:55:43.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
},
"published": "2025-03-17T10:15:14.797",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-35304
Vulnerability from fkie_nvd - Published: 2024-06-10 15:15 - Updated: 2025-09-16 15:52
Severity ?
Summary
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A805FD56-3664-44B0-BFB1-EFC175DDE616",
"versionEndExcluding": "777",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "System command injection through Netflow function\u00a0due to improper input validation, allowing attackers to execute arbitrary system commands.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
},
{
"lang": "es",
"value": "Inyecci\u00f3n de comandos del sistema a trav\u00e9s de la funci\u00f3n Netflow debido a una validaci\u00f3n de entrada incorrecta, lo que permite a los atacantes ejecutar comandos arbitrarios del sistema. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;777."
}
],
"id": "CVE-2024-35304",
"lastModified": "2025-09-16T15:52:02.563",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
},
"published": "2024-06-10T15:15:51.430",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-35305
Vulnerability from fkie_nvd - Published: 2024-06-10 15:15 - Updated: 2025-09-16 15:52
Severity ?
Summary
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A805FD56-3664-44B0-BFB1-EFC175DDE616",
"versionEndExcluding": "777",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
},
{
"lang": "es",
"value": "La inyecci\u00f3n SQL basada en tiempo Unauth en API permite explotar el encabezado de autorizaci\u00f3n de solicitud HTTP. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;777."
}
],
"id": "CVE-2024-35305",
"lastModified": "2025-09-16T15:52:37.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
},
"published": "2024-06-10T15:15:51.583",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-35307
Vulnerability from fkie_nvd - Published: 2024-06-10 15:15 - Updated: 2025-09-16 15:56
Severity ?
Summary
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A805FD56-3664-44B0-BFB1-EFC175DDE616",
"versionEndExcluding": "777",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u00a0allowing unauthenticated attackers to execute arbitrary code on the server.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
},
{
"lang": "es",
"value": "Inyecci\u00f3n de argumentos que conduce a la ejecuci\u00f3n remota de c\u00f3digo en Realtime Graph Extension, lo que permite a atacantes no autenticados ejecutar c\u00f3digo arbitrario en el servidor. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;777."
}
],
"id": "CVE-2024-35307",
"lastModified": "2025-09-16T15:56:22.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
},
"published": "2024-06-10T15:15:51.803",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-88"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-35306
Vulnerability from fkie_nvd - Published: 2024-06-10 15:15 - Updated: 2025-09-16 15:53
Severity ?
Summary
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A805FD56-3664-44B0-BFB1-EFC175DDE616",
"versionEndExcluding": "777",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
},
{
"lang": "es",
"value": "La inyecci\u00f3n de comandos del sistema operativo en archivos PHP Ajax a trav\u00e9s de una solicitud HTTP, permite ejecutar comandos del sistema explotando variables. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;777."
}
],
"id": "CVE-2024-35306",
"lastModified": "2025-09-16T15:53:01.673",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:X/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
},
"published": "2024-06-10T15:15:51.700",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-44091
Vulnerability from fkie_nvd - Published: 2024-03-19 17:15 - Updated: 2025-09-16 15:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through <776.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43E82BDE-56AE-494A-8C82-C7E4157390AF",
"versionEndExcluding": "776",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows SQL Injection.\u00a0This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through \u003c776."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de Comando SQL (\u0027Inyecci\u00f3n SQL\u0027) en Pandora FMS en todos permite la Inyecci\u00f3n SQL. Esta vulnerabilidad permit\u00eda realizar inyecciones SQL incluso si fallaba la autenticaci\u00f3n. Este problema afecta a Pandora FMS: de 700 a \u0026lt;776."
}
],
"id": "CVE-2023-44091",
"lastModified": "2025-09-16T15:49:46.410",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "security@pandorafms.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-19T17:15:08.780",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-44090
Vulnerability from fkie_nvd - Published: 2024-03-19 17:15 - Updated: 2025-09-16 15:47
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through <776.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43E82BDE-56AE-494A-8C82-C7E4157390AF",
"versionEndExcluding": "776",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nImproper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through \u003c776.\n\n"
},
{
"lang": "es",
"value": "Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de Comando SQL (\u0027Inyecci\u00f3n SQL\u0027) en Pandora FMS en todos permite CVE-2008-5817. Esta vulnerabilidad permiti\u00f3 realizar cambios de SQL en varios archivos del m\u00f3dulo Grafana. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;776."
}
],
"id": "CVE-2023-44090",
"lastModified": "2025-09-16T15:47:59.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.3,
"source": "security@pandorafms.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-19T17:15:08.563",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-44092
Vulnerability from fkie_nvd - Published: 2024-03-19 17:15 - Updated: 2025-09-16 15:51
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43E82BDE-56AE-494A-8C82-C7E4157390AF",
"versionEndExcluding": "776",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
},
{
"lang": "es",
"value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo (\u0027inyecci\u00f3n de comando del sistema operativo\u0027) en Pandora FMS en todos permite la inyecci\u00f3n de comando del sistema operativo. Esta vulnerabilidad permiti\u00f3 crear un shell inverso y ejecutar comandos en el sistema operativo. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;776."
}
],
"id": "CVE-2023-44092",
"lastModified": "2025-09-16T15:51:17.473",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "security@pandorafms.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-19T17:15:08.980",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-41793
Vulnerability from fkie_nvd - Published: 2024-03-19 17:15 - Updated: 2025-09-16 15:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| artica | pandora_fms | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43E82BDE-56AE-494A-8C82-C7E4157390AF",
"versionEndExcluding": "776",
"versionStartIncluding": "700",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
},
{
"lang": "es",
"value": "Vulnerabilidad de Path Traversal en Pandora FMS en todos permite Path Traversal. Esta vulnerabilidad permit\u00eda cambiar directorios y crear archivos y descargarlos fuera de los directorios permitidos. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;776."
}
],
"id": "CVE-2023-41793",
"lastModified": "2025-09-16T15:15:05.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5,
"source": "security@pandorafms.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-19T17:15:08.263",
"references": [
{
"source": "security@pandorafms.com",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-35"
}
],
"source": "security@pandorafms.com",
"type": "Secondary"
}
]
}
CVE-2025-5306 (GCVE-0-2025-5306)
Vulnerability from cvelistv5 – Published: 2025-06-27 07:48 – Updated: 2025-06-27 13:37
VLAI?
Title
Command Injection in Netflow path
Summary
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
774 , ≤ 778
(custom)
|
Credits
Martin Sutovsky, Security Researcher. Rapid 7
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T13:36:21.527912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:37:26.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "778",
"status": "affected",
"version": "774",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Martin Sutovsky, Security Researcher. Rapid 7"
}
],
"datePublic": "2025-06-27T07:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778"
}
],
"value": "Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T07:48:15.936Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 777.10 or 780 or higher"
}
],
"value": "Upgrade to version 777.10 or 780 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection in Netflow path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2025-5306",
"datePublished": "2025-06-27T07:48:15.936Z",
"dateReserved": "2025-05-28T14:26:40.736Z",
"dateUpdated": "2025-06-27T13:37:26.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12992 (GCVE-0-2024-12992)
Vulnerability from cvelistv5 – Published: 2025-03-17 09:21 – Updated: 2025-03-17 12:32
VLAI?
Title
Remote Code Execution leads to Command Injection
Summary
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.
This issue affects Pandora FMS from 700 to 777.6
.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
768 , ≤ 780
(custom)
|
Credits
Hanko van Giessen a.k.a. h00die-gr3y <h00die.gr3y@gmail.com>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T12:31:51.304023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T12:32:02.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "780",
"status": "affected",
"version": "768",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hanko van Giessen a.k.a. h00die-gr3y \u003ch00die.gr3y@gmail.com\u003e"
}
],
"datePublic": "2025-03-17T09:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. \n\nThis issue affects Pandora FMS from 700 to 777.6\n\n."
}
],
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. \n\nThis issue affects Pandora FMS from 700 to 777.6\n\n."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T09:21:39.002Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v781 and v777.8\n\n\u003cbr\u003e"
}
],
"value": "Fixed in v781 and v777.8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution leads to Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-12992",
"datePublished": "2025-03-17T09:21:39.002Z",
"dateReserved": "2024-12-27T10:50:03.410Z",
"dateUpdated": "2025-03-17T12:32:02.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12971 (GCVE-0-2024-12971)
Vulnerability from cvelistv5 – Published: 2025-03-17 09:19 – Updated: 2025-03-17 12:32
VLAI?
Title
QuickShell Authenticated Command Injection
Summary
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ 777.6
(custom)
|
Credits
Hanko van Giessen a.k.a. h00die-gr3y <h00die.gr3y@gmail.com>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T12:32:25.865316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T12:32:34.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "777.6",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hanko van Giessen a.k.a. h00die-gr3y \u003ch00die.gr3y@gmail.com\u003e"
}
],
"datePublic": "2025-03-17T09:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6"
}
],
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T09:19:31.761Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v781 and v777.8"
}
],
"value": "Fixed in v781 and v777.8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "QuickShell Authenticated Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-12971",
"datePublished": "2025-03-17T09:19:31.761Z",
"dateReserved": "2024-12-26T10:09:18.562Z",
"dateUpdated": "2025-03-17T12:32:34.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35307 (GCVE-0-2024-35307)
Vulnerability from cvelistv5 – Published: 2024-06-10 14:33 – Updated: 2024-08-02 03:07
VLAI?
Title
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
Summary
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
u32i@proton.me
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:700:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T13:35:21.466902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T13:39:11.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "u32i@proton.me"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u0026nbsp;allowing unauthenticated attackers to execute arbitrary code on the server.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u00a0allowing unauthenticated attackers to execute arbitrary code on the server.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:33:29.127Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35307",
"datePublished": "2024-06-10T14:33:29.127Z",
"dateReserved": "2024-05-16T17:38:35.343Z",
"dateUpdated": "2024-08-02T03:07:46.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35306 (GCVE-0-2024-35306)
Vulnerability from cvelistv5 – Published: 2024-06-10 14:30 – Updated: 2024-08-02 03:07
VLAI?
Title
OS Command injection in Ajax PHP files through HTTP Request
Summary
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandora_fms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pandora_fms",
"vendor": "pandora_fms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T17:34:28.554257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:42:02.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-06-10T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/R:U/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:30:36.784Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command injection in Ajax PHP files through HTTP Request",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35306",
"datePublished": "2024-06-10T14:30:36.784Z",
"dateReserved": "2024-05-16T17:38:35.343Z",
"dateUpdated": "2024-08-02T03:07:46.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35305 (GCVE-0-2024-35305)
Vulnerability from cvelistv5 – Published: 2024-06-10 14:28 – Updated: 2024-08-02 03:07
VLAI?
Title
Unauth Time-Based SQL Injection via API
Summary
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "artica",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:22:59.082085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:29:45.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-06-10T14:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:28:18.393Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v777"
}
],
"value": "Fixed in v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauth Time-Based SQL Injection via API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35305",
"datePublished": "2024-06-10T14:28:18.393Z",
"dateReserved": "2024-05-16T17:38:35.342Z",
"dateUpdated": "2024-08-02T03:07:46.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35304 (GCVE-0-2024-35304)
Vulnerability from cvelistv5 – Published: 2024-06-10 14:21 – Updated: 2024-08-02 03:07
VLAI?
Title
System command injection through Netflow function
Summary
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
u32i@proton.me
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T15:44:44.106381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T15:47:46.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "u32i@proton.me"
}
],
"datePublic": "2024-06-10T14:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "System command injection through Netflow function\u0026nbsp;due to improper input validation, allowing attackers to execute arbitrary system commands.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "System command injection through Netflow function\u00a0due to improper input validation, allowing attackers to execute arbitrary system commands.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:21:10.487Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "System command injection through Netflow function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35304",
"datePublished": "2024-06-10T14:21:10.487Z",
"dateReserved": "2024-05-16T17:38:35.341Z",
"dateUpdated": "2024-08-02T03:07:46.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41793 (GCVE-0-2023-41793)
Vulnerability from cvelistv5 – Published: 2024-03-19 16:34 – Updated: 2024-08-02 19:22
VLAI?
Title
Path Traversal and Untrusted Upload File
Summary
: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.
Severity ?
6.7 (Medium)
CWE
- CWE-35 - Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ <776
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThanOrEqual": "776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:21:08.499209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:22:18.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u0026nbsp;This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:34:48.358Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v776.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v776.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal and Untrusted Upload File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41793",
"datePublished": "2024-03-19T16:34:48.358Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:22:18.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44092 (GCVE-0-2023-44092)
Vulnerability from cvelistv5 – Published: 2024-03-19 16:32 – Updated: 2024-08-02 19:59
VLAI?
Title
OS Command Injection
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.
Severity ?
7.6 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ <776
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artica:pandora_fms:700:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "artica",
"versions": [
{
"lessThan": "776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T14:31:18.246071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:44:44.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:50.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Pandora FMS on all allows OS Command Injection.\u0026nbsp;This vulnerability allowed to create a reverse shell and execute commands in the OS.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:32:54.633Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v776."
}
],
"value": "Fixed in v776."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44092",
"datePublished": "2024-03-19T16:32:54.633Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-08-02T19:59:50.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44091 (GCVE-0-2023-44091)
Vulnerability from cvelistv5 – Published: 2024-03-19 16:31 – Updated: 2024-08-02 19:52
VLAI?
Title
Unauth Time-Based SQL Injection
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through <776.
Severity ?
7.5 (High)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ <776
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-19T19:13:28.748415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:19:21.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.930Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows SQL Injection.\u0026nbsp;This ulnerability allowed SQL injections to be made even if authentication failed.\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in Pandora FMS on all allows SQL Injection.\u00a0This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:31:38.932Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v776.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v776.\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauth Time-Based SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44091",
"datePublished": "2024-03-19T16:31:38.932Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-08-02T19:52:11.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5306 (GCVE-0-2025-5306)
Vulnerability from nvd – Published: 2025-06-27 07:48 – Updated: 2025-06-27 13:37
VLAI?
Title
Command Injection in Netflow path
Summary
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
774 , ≤ 778
(custom)
|
Credits
Martin Sutovsky, Security Researcher. Rapid 7
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T13:36:21.527912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:37:26.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "778",
"status": "affected",
"version": "774",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Martin Sutovsky, Security Researcher. Rapid 7"
}
],
"datePublic": "2025-06-27T07:46:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778"
}
],
"value": "Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T07:48:15.936Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 777.10 or 780 or higher"
}
],
"value": "Upgrade to version 777.10 or 780 or higher"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Command Injection in Netflow path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2025-5306",
"datePublished": "2025-06-27T07:48:15.936Z",
"dateReserved": "2025-05-28T14:26:40.736Z",
"dateUpdated": "2025-06-27T13:37:26.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12992 (GCVE-0-2024-12992)
Vulnerability from nvd – Published: 2025-03-17 09:21 – Updated: 2025-03-17 12:32
VLAI?
Title
Remote Code Execution leads to Command Injection
Summary
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.
This issue affects Pandora FMS from 700 to 777.6
.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
768 , ≤ 780
(custom)
|
Credits
Hanko van Giessen a.k.a. h00die-gr3y <h00die.gr3y@gmail.com>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12992",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T12:31:51.304023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T12:32:02.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "780",
"status": "affected",
"version": "768",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hanko van Giessen a.k.a. h00die-gr3y \u003ch00die.gr3y@gmail.com\u003e"
}
],
"datePublic": "2025-03-17T09:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. \n\nThis issue affects Pandora FMS from 700 to 777.6\n\n."
}
],
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. \n\nThis issue affects Pandora FMS from 700 to 777.6\n\n."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T09:21:39.002Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v781 and v777.8\n\n\u003cbr\u003e"
}
],
"value": "Fixed in v781 and v777.8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution leads to Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-12992",
"datePublished": "2025-03-17T09:21:39.002Z",
"dateReserved": "2024-12-27T10:50:03.410Z",
"dateUpdated": "2025-03-17T12:32:02.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12971 (GCVE-0-2024-12971)
Vulnerability from nvd – Published: 2025-03-17 09:19 – Updated: 2025-03-17 12:32
VLAI?
Title
QuickShell Authenticated Command Injection
Summary
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ 777.6
(custom)
|
Credits
Hanko van Giessen a.k.a. h00die-gr3y <h00die.gr3y@gmail.com>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12971",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T12:32:25.865316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T12:32:34.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "777.6",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hanko van Giessen a.k.a. h00die-gr3y \u003ch00die.gr3y@gmail.com\u003e"
}
],
"datePublic": "2025-03-17T09:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6"
}
],
"value": "Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6"
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
},
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T09:19:31.761Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v781 and v777.8"
}
],
"value": "Fixed in v781 and v777.8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "QuickShell Authenticated Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-12971",
"datePublished": "2025-03-17T09:19:31.761Z",
"dateReserved": "2024-12-26T10:09:18.562Z",
"dateUpdated": "2025-03-17T12:32:34.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35307 (GCVE-0-2024-35307)
Vulnerability from nvd – Published: 2024-06-10 14:33 – Updated: 2024-08-02 03:07
VLAI?
Title
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
Summary
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
u32i@proton.me
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:700:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35307",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T13:35:21.466902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T13:39:11.479Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "u32i@proton.me"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u0026nbsp;allowing unauthenticated attackers to execute arbitrary code on the server.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension,\u00a0allowing unauthenticated attackers to execute arbitrary code on the server.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:33:29.127Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Argument Injection Leading to Remote Code Execution in Realtime Graph Extension",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35307",
"datePublished": "2024-06-10T14:33:29.127Z",
"dateReserved": "2024-05-16T17:38:35.343Z",
"dateUpdated": "2024-08-02T03:07:46.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35306 (GCVE-0-2024-35306)
Vulnerability from nvd – Published: 2024-06-10 14:30 – Updated: 2024-08-02 03:07
VLAI?
Title
OS Command injection in Ajax PHP files through HTTP Request
Summary
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandora_fms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "pandora_fms",
"vendor": "pandora_fms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35306",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T17:34:28.554257Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:42:02.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-06-10T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/R:U/RE:L/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:30:36.784Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command injection in Ajax PHP files through HTTP Request",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35306",
"datePublished": "2024-06-10T14:30:36.784Z",
"dateReserved": "2024-05-16T17:38:35.343Z",
"dateUpdated": "2024-08-02T03:07:46.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35305 (GCVE-0-2024-35305)
Vulnerability from nvd – Published: 2024-06-10 14:28 – Updated: 2024-08-02 03:07
VLAI?
Title
Unauth Time-Based SQL Injection via API
Summary
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "artica",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35305",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T14:22:59.082085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:29:45.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-06-10T14:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:28:18.393Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v777"
}
],
"value": "Fixed in v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Unauth Time-Based SQL Injection via API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35305",
"datePublished": "2024-06-10T14:28:18.393Z",
"dateReserved": "2024-05-16T17:38:35.342Z",
"dateUpdated": "2024-08-02T03:07:46.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35304 (GCVE-0-2024-35304)
Vulnerability from nvd – Published: 2024-06-10 14:21 – Updated: 2024-08-02 03:07
VLAI?
Title
System command injection through Netflow function
Summary
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , < 777
(custom)
|
Credits
u32i@proton.me
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35304",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T15:44:44.106381Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T15:47:46.560Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "u32i@proton.me"
}
],
"datePublic": "2024-06-10T14:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "System command injection through Netflow function\u0026nbsp;due to improper input validation, allowing attackers to execute arbitrary system commands.\u0026nbsp;This issue affects Pandora FMS: from 700 through \u0026lt;777."
}
],
"value": "System command injection through Netflow function\u00a0due to improper input validation, allowing attackers to execute arbitrary system commands.\u00a0This issue affects Pandora FMS: from 700 through \u003c777."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:21:10.487Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed v777"
}
],
"value": "Fixed v777"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "System command injection through Netflow function",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2024-35304",
"datePublished": "2024-06-10T14:21:10.487Z",
"dateReserved": "2024-05-16T17:38:35.341Z",
"dateUpdated": "2024-08-02T03:07:46.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41793 (GCVE-0-2023-41793)
Vulnerability from nvd – Published: 2024-03-19 16:34 – Updated: 2024-08-02 19:22
VLAI?
Title
Path Traversal and Untrusted Upload File
Summary
: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.
Severity ?
6.7 (Medium)
CWE
- CWE-35 - Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ <776
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThanOrEqual": "776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:21:08.499209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:22:18.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u0026nbsp;This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:34:48.358Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v776.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v776.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal and Untrusted Upload File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41793",
"datePublished": "2024-03-19T16:34:48.358Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:22:18.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44092 (GCVE-0-2023-44092)
Vulnerability from nvd – Published: 2024-03-19 16:32 – Updated: 2024-08-02 19:59
VLAI?
Title
OS Command Injection
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.
Severity ?
7.6 (High)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ <776
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:artica:pandora_fms:700:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "artica",
"versions": [
{
"lessThan": "776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T14:31:18.246071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:44:44.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:50.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Pandora FMS on all allows OS Command Injection.\u0026nbsp;This vulnerability allowed to create a reverse shell and execute commands in the OS.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:32:54.633Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Fixed in v776."
}
],
"value": "Fixed in v776."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-44092",
"datePublished": "2024-03-19T16:32:54.633Z",
"dateReserved": "2023-09-25T08:33:09.669Z",
"dateUpdated": "2024-08-02T19:59:50.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}