PT-2020-16434 · Artica · Artica Pandora Fms

Published: 2020-10-02 · Updated: 2020-10-09 · CVE-2020-26518

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Artica Pandora FMS versions prior to 743
Description: The issue allows unauthenticated attackers to conduct SQL injection attacks. This is achieved via the session_id parameter in the "pandora_console/include/chart_generator.php" endpoint.
Recommendations: For versions prior to 743, update to version 743 or later to resolve the issue. As a temporary workaround, consider restricting access to the "pandora_console/include/chart_generator.php" endpoint to minimize the risk of exploitation. Avoid using the session_id parameter in the affected endpoint until the issue is resolved.
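
A log check a defender could run while the workaround is in place, as an added example that is not part of the advisory or of Pandora FMS: it flags requests to the affected endpoint whose `session_id` does not look like a plain session token. The access-log format, the sample lines and the allowed-character rule (the PHP session ID alphabet) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values are PHP session IDs, whose alphabet is
# a-z, A-Z, 0-9, "," and "-"; anything else is treated as suspicious.
SESSION_ID_OK = re.compile(r"[A-Za-z0-9,-]{1,256}")
ENDPOINT = "/include/chart_generator.php"
# Client, request line and status of a common/combined-format log line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Oct/2020:10:00:00 +0000] "GET /pandora_console/include/chart_generator.php?session_id=k3u5q8v0m1n2b4c6d7e9f0a1b2 HTTP/1.1" 200 512
198.51.100.7 - - [02/Oct/2020:10:00:05 +0000] "GET /pandora_console/include/chart_generator.php?session_id=abc%27%20constructed HTTP/1.1" 200 498
198.51.100.7 - - [02/Oct/2020:10:00:09 +0000] "GET /pandora_console/index.php?session_id=abc%27 HTTP/1.1" 200 1024
203.0.113.4 - - [02/Oct/2020:10:00:12 +0000] "GET /pandora_console/include/chart_generator.php HTTP/1.1" 200 300
"""


def suspicious_requests(log_text):
    """Return (ip, status, decoded session_id) for requests to the endpoint
    whose session_id does not look like a session token.
    Limitation: only values sent in the query string appear in access logs."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        if not url.path.endswith(ENDPOINT):
            continue  # other pages are out of scope for this check
        # parse_qs percent-decodes values; keep_blank_values keeps "session_id=".
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("session_id", []):
            if not SESSION_ID_OK.fullmatch(value):
                findings.append((m["ip"], int(m["status"]), value))
    return findings


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} session_id={value!r}")
```

On hosts still running a version prior to 743, any hit is worth reviewing together with the source address, since the advisory states that no authentication is required to reach the endpoint.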

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2020-26518

Affected Products

Artica Pandora Fms