CVE-2010-4280
published 2010-12-02
Priority P346 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.34% (91.6th percentile)
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artica | pandora_fms | <= 3.1 | — |
| artica | pandora_fms | — | — |
| artica | pandora_fms | — | — |
| artica | pandora_fms | — | — |
| artica | pandora_fms | — | — |
| artica | pandora_fms | — | — |
| artica | pandora_fms | — | — |
| artica | pandora_fms | — | — |
| artica | pandora_fms | — | — |
No detection rules found.
Exploit-DB
Pandora Fms 3.1 - Blind SQL Injection
exploitdb·2010-11-30·CVSS 7.5
---
[+] Introduction
Pandora FMS (for Pandora Flexible Monitoring System) is a software
solution for monitoring computer networks. It allows monitoring in a
visual way the status and performance of several parameters from
different operating systems, servers, applications and hardware systems
such as firewalls, proxies, databases, web servers or routers.
It can be deployed in almost any operating system. It features remote
monitoring (WMI, SNMP, TCP, UDP, ICMP, HTTP...) and it can also use
agents. An agent is available for each platform. It can also monitor
hardware systems with a TCP/IP stack, such as load balancers, routers,
network switches, printers or firewalls.
This software has several servers that process and get information from
different
Exploit-DB
Pandora Fms 3.1 - SQL Injection
exploitdb·2010-11-30·CVSS 7.5
---
[+] Introduction
Pandora FMS (for Pandora Flexible Monitoring System) is a software
solution for monitoring computer networks. It allows monitoring in a
visual way the status and performance of several parameters from
different operating systems, servers, applications and hardware systems
such as firewalls, proxies, databases, web servers or routers.
It can be deployed in almost any operating system. It features remote
monitoring (WMI, SNMP, TCP, UDP, ICMP, HTTP...) and it can also use
agents. An agent is available for each platform. It can also monitor
hardware systems with a TCP/IP stack, such as load balancers, routers,
network switches, printers or firewalls.
This software has several servers that process and get information from
different sourc
No writeups or analysis indexed.
References
http://osvdb.org/69547
http://osvdb.org/69548
http://seclists.org/fulldisclosure/2010/Nov/326
http://secunia.com/advisories/42347
http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
http://www.exploit-db.com/exploits/15641
http://www.exploit-db.com/exploits/15642
http://www.securityfocus.com/archive/1/514939/100/0/threaded
http://www.securityfocus.com/bid/45112