Pandora Fms
Monthly
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.6 . Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS command execution. The improper neutralization of special elements in monitoring agent communication enables attackers to execute arbitrary commands on the Pandora FMS server with the application's privileges.
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.6 . Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS command execution. The improper neutralization of special elements in monitoring agent communication enables attackers to execute arbitrary commands on the Pandora FMS server with the application's privileges.