A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
References
Link | Resource |
---|---|
https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained | Exploit Third Party Advisory |
https://pandorafms.com/blog/whats-new-in-pandora-fms-743/ | Release Notes Vendor Advisory |
https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-05-07T03:51:15
Updated: 2021-05-07T03:51:15
Reserved: 2021-05-07T00:00:00
Link: CVE-2021-32099
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-07T04:15:07.310
Modified: 2021-05-11T19:56:22.357
Link: CVE-2021-32099
JSON object: View
Redhat Information
No data.
CWE