What is CVE-2014-125115?

CVE-2014-125115 is a vulnerability in Artica St Pandora Fms, classified under Use of Hard-coded Credentials. Published 2025-07-25.

Is CVE-2014-125115 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Artica St Pandora Fms

CVE-2014-125115

An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administra…

EPSS: 0.768 (99.0th percentile) — read the EPSS interpretation.

Affected products

Artica St Pandora Fms — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

www.exploit-db.com/exploits/35380 (exploit)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
web.archive.org/web/20140331231237/http://pandorafms.com/downloads/whats_new_5-… (vendor-advisory)
web.archive.org/web/20140304121149/http://blog.pandorafms.org/ (vendor-advisory)
www.vulncheck.com/advisories/pandora-fms-default-creds-sqli-rce (third-party-advisory)

Frequently asked questions

What is CVE-2014-125115?: CVE-2014-125115 is a vulnerability in Artica St Pandora Fms, classified under Use of Hard-coded Credentials. Published 2025-07-25.
Is CVE-2014-125115 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.