CVE-2023-44091

HIGH

Pandora FMS 700-<776 - Unauthenticated SQL Injection

Title source: llm
STIX 2.1

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through <776.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0045
EPSS Percentile 36.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
artica/pandora_fms 700 - 776
Published Mar 19, 2024
Tracked Since Feb 18, 2026