What is CVE-2021-32099?

CVE-2021-32099 is a vulnerability in N/a. Published 2021-05-07.

Is CVE-2021-32099 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-32099

A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login b…

EPSS: 0.596 (98.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

magicrc/CVE-2021-32099
20142995/Goby
20142995/nuclei-templates
ARPSyndicate/cvemon
HimmelAward/Goby_
NaInSec/CVE-PoC-in-GitHub
NyxAzrael/Goby_
SYRTI/POC_
WhooAmii/POC_
Z0fhack/Goby_

References

blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained (x_refsource_MISC)
pandorafms.com/blog/whats-new-in-pandora-fms-743/ (x_refsource_MISC)
portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigge… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32099?: CVE-2021-32099 is a vulnerability in N/a. Published 2021-05-07.
Is CVE-2021-32099 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.