CVE-2024-35305

Name of the Vulnerable Software and Affected Versions Pandora FMS versions 700 through 776

Description The issue is related to incorrect processing of SQL query headers in the Pandora FMS system monitoring and management interface. This allows a remote attacker to exploit the vulnerability, potentially executing arbitrary SQL queries and gaining unauthorized access to protected information. The vulnerability can be exploited through the API by manipulating the HTTP request Authorization header.

Recommendations For Pandora FMS versions 700 through 776, consider disabling access to the vulnerable API endpoint until a patch is available. Restrict access to the Authorization header in HTTP requests to minimize the risk of exploitation. As a temporary workaround, avoid using the Authorization header in API requests until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.