Pandora FMS SQL Injection Vulnerability Allows Unauthorized Access
CVE-2023-44091

7.5 HIGH

Key Information:

Vendor
CVE Published: 19 March 2024

What is CVE-2023-44091?

An SQL injection vulnerability in Pandora FMS allows attackers to execute malicious SQL commands even when authentication fails. This can give unauthorized access to sensitive data, with severe implications for the integrity and confidentiality of information. Pandora FMS versions from 700 up to, but not including, 776 are affected, so affected installations need immediate remediation. Security measures to mitigate the risk from this vulnerability include regular updates and patches.

Affected Version(s)

Pandora FMS all 700

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aleksey Solovev (Positive Technologies)