SQL Injection Vulnerability in Pandora FMS
CVE-2026-34187
7.6HIGH
What is CVE-2026-34187?
An SQL Injection vulnerability exists in Pandora FMS due to improper neutralization of special elements in SQL commands. This flaw permits an attacker to manipulate SQL queries via the 'graph container' parameter, potentially leading to unauthorized access to sensitive database information. Affected versions range from 777 through 800. Users are advised to apply relevant updates and patches to mitigate this risk.
Affected Version(s)
Pandora FMS all 777 <= 800
References
CVSS V4
Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Pedro J. Núñez-Cacho Fuentes <tunelko@gmail.com>