EUVD-2026-21996

| CVE-2026-30813 HIGH
2026-04-13 PandoraFMS GHSA-chf8-3p4x-rchj
SQLi Pandora Fms
8.7
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
N

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 16:43 vuln.today
CVSS Changed
Apr 13, 2026 - 16:22 NVD
8.7 (HIGH)

DescriptionNVD

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

AnalysisAI

SQL injection in Pandora FMS module search functionality allows authenticated attackers to extract, modify, or delete database contents across versions 777 through 800. Attackers with low-level privileges can execute arbitrary SQL commands through improperly sanitized search parameters, leading to high confidentiality and integrity impact. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all Pandora FMS deployments running versions 777-800 and document network exposure and user access levels. Within 7 days: Implement network segmentation or access controls to restrict Pandora FMS module search functionality to trusted networks and users; apply principle of least privilege to Pandora FMS service accounts and user roles. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-21996 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy