PT-2024-4343 · Unknown · Pandora FMS

Aleksey Solovev · Published 2024-06-10 · Updated 2024-06-10 · CVE-2024-35306

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 776

Description: The issue is an OS command injection in Ajax PHP files, reachable via HTTP request, in which variables can be exploited to execute system commands. This can enable an attacker to execute arbitrary commands through the affected files.

Recommendations: For Pandora FMS versions 700 through 776, consider disabling the execution of system commands in Ajax PHP files until a patch is available. Restrict access to the vulnerable Ajax PHP files to minimize the risk of exploitation. Avoid using variables that can be exploited via HTTP requests in the affected files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2024-04832
CVE-2024-35306

Affected Products

Pandora FMS