A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.
History

Fri, 25 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 22 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Pandorafms
Pandorafms pandora Fms
CPEs cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*
Vendors & Products Pandorafms
Pandorafms pandora Fms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 22 Oct 2024 09:15:00 +0000

Type Values Removed Values Added
Description A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.
Title SQL Injection in CSV Module Data Collection
Weaknesses CWE-89
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/S:N/AU:Y/R:U/V:C/RE:M/U:Red'}


cve-icon MITRE

Status: PUBLISHED

Assigner: PandoraFMS

Published: 2024-10-22T09:00:57.871Z

Updated: 2024-10-22T13:13:31.854Z

Reserved: 2024-10-15T10:20:25.623Z

Link: CVE-2024-9987

cve-icon Vulnrichment

Updated: 2024-10-22T13:13:26.923Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-22T09:15:03.497

Modified: 2024-10-25T19:06:35.350

Link: CVE-2024-9987

cve-icon Redhat

No data.