Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774.
References
Link | Resource |
---|---|
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | Vendor Advisory |
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.9 |
05 Jan 2024, 04:49
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory | |
CPE | cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:* | |
CWE | CWE-89 |
29 Dec 2023, 13:56
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-29 12:15
Updated : 2024-11-21 08:25
NVD link : CVE-2023-44088
Mitre link : CVE-2023-44088
CVE.ORG link : CVE-2023-44088
JSON object : View
Products Affected
pandorafms
- pandora_fms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')