The exploit allows an attacker to perform SQL injection in PandoraFMS version 7.0NG.772. By manipulating certain parameters, an attacker can inject malicious SQL queries, potentially gaining unauthorized access to the database. This vulnerability has been assigned CVE-2023-44088.
By asking a network administrator to scan an SNMP device to trigger cross-site scripting (XSS), we can call a remote JavaScript file to execute arbitrary code and reach remote code execution on PandoraFMS.
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020.
A blind SQL injection vulnerability exists in the 'Network Scan' functionality of Pandora FMS. The vulnerable parameter is 'network_csv'.
A persistent cross-site scripting vulnerability exists in the 'Edit OS' and 'Private Enterprise Numbers' functionalities of Pandora FMS. Vulnerable parameters include 'name', 'description', 'manufacturer' and 'description'.
A blind SQL injection vulnerability exists in the 'CG Items' functionality of Pandora FMS. The vulnerable parameter is 'data'.
A stored cross-site scripting (XSS) vulnerability in Pandora FMS 7.0 NG 747 can result in an attacker performing malicious actions against users who open a maliciously crafted link or third-party web page. To exploit the vulnerability, someone could send a POST request to '/pandora_console/index.php', manipulating the 'filename' parameter in the request body, to impact users who open a maliciously crafted link or third-party web page.
An authenticated remote code execution vulnerability exists in Pandora FMS 7.0NG in the 'net_tools.php' file. The vulnerability is due to the lack of proper input validation when handling user-supplied data. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable file. This will allow the attacker to execute arbitrary code on the vulnerable system.
This exploit can be used against 4x authenticated RCE vulnerabilities that exist on PANDORAFMS. In case the default vulnerable variable won't work, the payload can be changed to one of the following: ip_src, dst_port, src_port.
Pandora 7.0NG is vulnerable to a remote code execution vulnerability. An attacker can send a crafted graph request with a malicious ip_src parameter to execute arbitrary code on the vulnerable system. This vulnerability is due to insufficient sanitization of user-supplied input in the ip_src parameter of the graph request. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the vulnerable system.