CVE-2024-11320

CRITICAL NUCLEI

Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password

Title source: metasploit

Description

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4

Exploits (2)

nomisec WORKING POC 9 stars

by mhaskar · poc

https://github.com/mhaskar/CVE-2024-11320

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pandora_fms_auth_rce_cve_2024_11320.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Pandora v7.0NG.777.3 - Remote Code Execution

CRITICALby DhiyaneshDK,Shubham Rooter,pdresearch,iamnoooob

Shodan: http.html:"pandora fms - installation wizard" || http.title:"pandora fms"

FOFA: body="pandora fms - installation wizard" || title="pandora fms"

References (1)

[Vendor Advisory] https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Scores

CVSS v3 9.8

EPSS 0.9262

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-77

Status published

Products (1)

pandorafms/pandora_fms 700 - 777.5

Published Nov 21, 2024

Tracked Since Feb 18, 2026