I@Qvq.Im

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions 700 through 777.3 **Description** A post-authentication arbitrary file read issue exists within the server plugins section in the plugin edition feature. This allows for unauthorized access to files on the server. **Recommendations** For versions 700 through 777.3, as a temporary workaround, consider restricting access to the plugin edition feature until a patch is available. Additionally, limit the permissions of the server plugins section to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Pandora FMS versions 700 through 777.2 **Description** A post-authentication SQL Injection vulnerability exists within the `filters` parameter of the `extensions/agents modules csv` functionality. This issue allows for potential SQL injection attacks after a user has authenticated, which could lead to unauthorized access or manipulation of data. The estimated number of potentially affected devices worldwide is not specified. There is a risk of unauthenticated remote code execution. **Recommendations** For Pandora FMS versions 700 through 777.2, upgrade Pandora FMS immediately to protect your monitoring infrastructure. As a temporary workaround, consider restricting access to the `extensions/agents modules csv` functionality until a patch is available. Avoid using the `filters` parameter in the affected functionality to minimize the risk of exploitation.