SQL Injection in Artica Pandora_fms
CVE-2010-4280
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id…
Vulnerability class: SQL Injection
EPSS: 0.048 (89.7th percentile) — read the EPSS interpretation.
Affected products
- Artica Pandora_fms — versions 2.0, 1.3, 3.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 42347 (x_refsource_SECUNIA, third-party-advisory)
- 20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)
- 69548 (x_refsource_OSVDB, vdb-entry)
- 69547 (x_refsource_OSVDB, vdb-entry)
- 15641 (exploit, x_refsource_EXPLOIT-DB)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- 45112 (vdb-entry, x_refsource_BID)
- 20101130 Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities (mailing-list, x_refsource_FULLDISC)
- 15642 (exploit, x_refsource_EXPLOIT-DB)