CVE-2024-9987

Name of the Vulnerable Software and Affected Versions Pandora FMS versions 700 through 777.2

Description A post-authentication SQL Injection vulnerability exists within the filters parameter of the extensions/agents modules csv functionality. This issue allows for potential SQL injection attacks after a user has authenticated, which could lead to unauthorized access or manipulation of data. The estimated number of potentially affected devices worldwide is not specified. There is a risk of unauthenticated remote code execution.

Recommendations For Pandora FMS versions 700 through 777.2, upgrade Pandora FMS immediately to protect your monitoring infrastructure. As a temporary workaround, consider restricting access to the extensions/agents modules csv functionality until a patch is available. Avoid using the filters parameter in the affected functionality to minimize the risk of exploitation.