EIP-2026-110459

PRE-CVE

Pandora FMS 5.1 SP1 - SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110459. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Pandora FMS v5.1 SP1 via the 'offset' parameter in multiple endpoints. The PoC includes crafted URLs that trigger SQL errors, confirming the vulnerability.

Description

Pandora FMS 5.1 SP1 - SQL Injection

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/36055

The exploit demonstrates SQL injection vulnerabilities in Pandora FMS v5.1 SP1 via the 'offset' parameter in multiple endpoints. The PoC includes crafted URLs that trigger SQL errors, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Pandora FMS v5.1 SP1
Auth required
Prerequisites: Low-privileged application user account · Access to vulnerable endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026