Bolt

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-34086 HIGH POC THREAT Act Now

Pandora FMS monitoring platform version 7.0NG and earlier contains an authenticated command injection in the net_tools.php functionality. The select_ips parameter is passed to OS commands without sanitization when performing ping operations, allowing authenticated users to execute arbitrary commands on the monitoring server.

PHP RCE Code Injection Bolt

NVD GitHub Exploit-DB

CVSS 3.1

8.8

EPSS

50.8%

Threat

4.8

CVE-2025-34086

EPSS 51% 4.8 CVSS 8.8

HIGH POC THREAT Act Now

Pandora FMS monitoring platform version 7.0NG and earlier contains an authenticated command injection in the net_tools.php functionality. The select_ips parameter is passed to OS commands without sanitization when performing ping operations, allowing authenticated users to execute arbitrary commands on the monitoring server.

PHP RCE Code Injection +1

NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy