CVE-2022-0507

Description

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Affected products

Artica PFMS / Pandora FMSv759 – v759

References

MISChttps://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
MISChttps://www.incibe.es/en/cve-assignment-publication/coordinated-cves
MISChttps://khoori.org/posts/cve-2022-0507/