Описание
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
Ссылки
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Release NotesVendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
Уязвимость реализации сценария include/chart_generator.php компонента Pandora Console системы мониторинга и управления IT-средами Pandora FMS, позволяющая нарушителю обойти ограничения безопасности и выполнить произвольный SQL-код
EPSS
9.8 Critical
CVSS3
7.5 High
CVSS2