Pandora FMS SQL Injection Vulnerability Allows Unauthorized Access
CVE-2023-44091

7.5HIGH

Key Information:

Vendor: Pandora Fms
Status: Pandora Fms
Vendor: CVE Published:; 19 March 2024

🔔 Create Pandora Fms Vulnerability Alert

What is CVE-2023-44091?

An SQL Injection vulnerability in Pandora FMS allows attackers to execute malicious SQL commands even when authentication fails. This issue enables potential unauthorized access to sensitive data, leading to severe implications for the integrity and confidentiality of information. Particularly, versions ranging from 700 to just below 776 of Pandora FMS are affected, emphasizing the need for immediate remediation to safeguard the system from exploitation. Security measures should be implemented to mitigate the risks associated with this vulnerability, including regular updates and patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Pandora FMS all 700

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 19, 2024
Vulnerability Reserved
Sep 25, 2023

Credit

Aleksey Solovev (Positive Technologies)

JSON

Pandora Fms

What is CVE-2023-44091?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.