Unauth Time-Based SQL Injection Vulnerability Affects Pandora FMS API
CVE-2024-35305

Currently unrated

Key Information:

Vendor: Pandora Fms
Status: Pandora Fms
Vendor: CVE Published:; 10 June 2024

🔔 Create Pandora Fms Vulnerability Alert

What is CVE-2024-35305?

Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.

Affected Version(s)

Pandora FMS all 700 < 777

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2024
Vulnerability Reserved
May 16, 2024

Credit

Aleksey Solovev (Positive Technologies)

.