CVE-2023-44088 - Vulnerability Details - OpenCVE

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00195.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Pandorafms	Pandora Fms

Configuration 1 [-]

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-48447	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774.

Fixes

Solution

Fixed in v775.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

History

Thu, 17 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: PandoraFMS

Published: 2023-12-29T11:48:12.417Z

Updated: 2025-04-17T20:18:40.276Z

Reserved: 2023-09-25T08:33:09.669Z

Link: CVE-2023-44088

Vulnrichment

Updated: 2024-08-02T19:52:11.916Z

NVD

Status : Modified

Published: 2023-12-29T12:15:43.883

Modified: 2024-11-21T08:25:12.677

Link: CVE-2023-44088

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44088", "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "state": "PUBLISHED", "assignerShortName": "PandoraFMS", "dateReserved": "2023-09-25T08:33:09.669Z", "datePublished": "2023-12-29T11:48:12.417Z", "dateUpdated": "2025-04-17T20:18:40.276Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["all"], "product": "Pandora FMS", "vendor": "Pandora FMS", "versions": [{"lessThanOrEqual": "774", "status": "affected", "version": "700", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Osama Yousef <su.osamayousef@gmail.com>"}], "datePublic": "2023-12-29T11:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. <span style=\"background-color: var(--darkreader-bg--wht);\">This issue affects Pandora FMS: from 700 through 774.</span>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection.\u00a0Arbitrary SQL queries were allowed to be executed using any account with low privileges.\u00a0This issue affects Pandora FMS: from 700 through 774."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "shortName": "PandoraFMS", "dateUpdated": "2023-12-29T11:48:12.417Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Fixed in v775."}], "value": "Fixed in v775."}], "source": {"discovery": "EXTERNAL"}, "title": "SQL Injection in Visual Console", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.916Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-03T16:09:39.890625Z", "id": "CVE-2023-44088", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:18:40.276Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.916Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44088", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-03T16:09:39.890625Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T20:18:36.137Z"}}], "cna": {"title": "SQL Injection in Visual Console", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Osama Yousef <su.osamayousef@gmail.com>"}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pandora FMS", "product": "Pandora FMS", "versions": [{"status": "affected", "version": "700", "versionType": "custom", "lessThanOrEqual": "774"}], "platforms": ["all"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Fixed in v775.", "supportingMedia": [{"type": "text/html", "value": "Fixed in v775.", "base64": false}]}], "datePublic": "2023-12-29T11:50:00.000Z", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection.\u00a0Arbitrary SQL queries were allowed to be executed using any account with low privileges.\u00a0This issue affects Pandora FMS: from 700 through 774.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. <span style=\"background-color: var(--darkreader-bg--wht);\">This issue affects Pandora FMS: from 700 through 774.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "shortName": "PandoraFMS", "dateUpdated": "2023-12-29T11:48:12.417Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44088", "state": "PUBLISHED", "dateUpdated": "2025-04-17T20:18:40.276Z", "dateReserved": "2023-09-25T08:33:09.669Z", "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "datePublished": "2023-12-29T11:48:12.417Z", "assignerShortName": "PandoraFMS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*", "matchCriteriaId": "32CA2B6C-ACCC-4EFA-A0CE-C0B45FC888E7", "versionEndIncluding": "774", "versionStartIncluding": "700", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection.\u00a0Arbitrary SQL queries were allowed to be executed using any account with low privileges.\u00a0This issue affects Pandora FMS: from 700 through 774."}, {"lang": "es", "value": "La neutralizaci\u00f3n incorrecta de elementos especiales utilizados en una vulnerabilidad de Comando SQL ('Inyecci\u00f3n SQL') en Pandora FMS on all permite la Inyecci\u00f3n SQL. Se permit\u00eda ejecutar consultas SQL arbitrarias utilizando cualquier cuenta con pocos privilegios. Este problema afecta a Pandora FMS: del 700 al 774."}], "id": "CVE-2023-44088", "lastModified": "2024-11-21T08:25:12.677", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 4.7, "source": "security@pandorafms.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-29T12:15:43.883", "references": [{"source": "security@pandorafms.com", "tags": ["Vendor Advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "sourceIdentifier": "security@pandorafms.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security@pandorafms.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}