Description
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Scores
CVSS v3
7.6
EPSS
0.0085
EPSS Percentile
53.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
artica/pandora_fms
700 - 776
Published
Mar 19, 2024
Tracked Since
Feb 18, 2026