CVE-2010-4280

Pandora FMS < 3.1 - Authenticated SQL Injection via id_group or group_id Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4280. PoCs published by Juan Galiana Lara.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Pandora FMS (CVE-2010-4280) by injecting a UNION-based query to extract user credentials from the database. The PoC includes a Python script that automates the extraction of usernames and password hashes.

Description

Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.

Exploits (2)

exploitdb WORKING POC
by Juan Galiana Lara · text · webapps · php
https://www.exploit-db.com/exploits/15641

This exploit demonstrates a SQL injection vulnerability in Pandora FMS (CVE-2010-4280) by injecting a UNION-based query to extract user credentials from the database. The PoC includes a Python script that automates the extraction of usernames and password hashes.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Pandora FMS versions prior to and including 3.1
No auth needed
Prerequisites: Network access to the Pandora FMS web interface · Valid PHP session cookie (if authentication is required)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Juan Galiana Lara · text · webapps · php
https://www.exploit-db.com/exploits/15642

This is a working proof-of-concept for a blind SQL injection vulnerability in Pandora FMS. The exploit targets the 'group_id' parameter in 'operation/agentes/estado_agente.php' to extract password hashes from the database.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Pandora FMS versions prior to and including 3.1
Auth required
Prerequisites: Valid PHPSESSID cookie · Network access to the target Pandora FMS instance
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42347
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514939/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/69548
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/69547
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15641
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45112
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2010/Nov/326
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15642

Scores

EPSS 0.0534
EPSS Percentile 91.6%

Details

CWE: CWE-89
Status: published
Products (9)
artica/pandora_fms 1.2
artica/pandora_fms 1.3 (5 CPE variants)
artica/pandora_fms 1.3.1
artica/pandora_fms 2.0 (2 CPE variants)
artica/pandora_fms 2.1
artica/pandora_fms 2.1.1
artica/pandora_fms 3.0 (3 CPE variants)
artica/pandora_fms 3.1 rc1
artica/pandora_fms < 3.1
Published Dec 02, 2010
Tracked Since Feb 18, 2026