CVE-2021-32099

This repository contains a functional exploit for CVE-2021-32099, which leverages a SQL injection vulnerability in Pandora FMS to bypass authentication and upload a reverse shell for remote code execution.

The repository contains a functional SQL injection (SQLi) proof-of-concept for CVE-2021-32099, targeting Pandora FMS 742. The exploit leverages a union-based SQLi in the `chart_generator.php` endpoint to manipulate session data and potentially escalate privileges.

This repository provides a detailed technical analysis of CVE-2021-32099, a SQL injection vulnerability in Pandora FMS v7.0NG.742_FIX_PERL2020. It includes root cause analysis, code snippets, and a proof-of-concept payload for bypassing authentication via session manipulation.

This repository contains a functional proof-of-concept for CVE-2021-32099, a SQL injection vulnerability in Pandora FMS. The exploit leverages a UNION-based SQLi in the chart_generator.php endpoint to inject a serialized PHP session containing admin credentials.