← Back to CVEs
CVE-2023-44088
MEDIUM5.9
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774.
CVE Details
CVSS v3.1 Score5.9
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionREQUIRED
Published12/29/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
pandorafms:pandora_fms
Weaknesses (CWE)
CWE-89CWE-89
References
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/(security@pandorafms.com)
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.