CVE-2014-125115

CRITICAL

Pandora FMS <5.0 SP2 - SQL Injection

Title source: llm

Description

An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted requests. This occurs because input is directly concatenated into an SQL query without adequate validation, enabling SQL injection. After authentication is bypassed, a second vulnerability in the File Manager component permits arbitrary PHP file uploads. The file upload functionality does not enforce MIME-type or file extension restrictions, allowing authenticated users to upload web shells into a publicly accessible directory and achieve remote code execution.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/35380

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pandora_fms_sqli.rb

View Code ZIP pw:eip

References (5)

[Various Sources] https://web.archive.org/web/20140331231237/http://pandorafms.com/downloads/whats_new_5-SP3.pdf

[Various Sources] https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pandora_fms_sqli.rb

[Various Sources] https://web.archive.org/web/20140304121149/http://blog.pandorafms.org/?p=2041

[Third Party Advisory] https://www.vulncheck.com/advisories/pandora-fms-default-creds-sqli-rce

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/35380

Scores

CVSS v4 10.0

EPSS 0.6504

EPSS Percentile 98.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Details

CWE

CWE-798 CWE-89

Status published

Products (1)

Artica ST/Pandora FMS < 5.0 SP2

Published Jul 25, 2025

Tracked Since Feb 18, 2026