CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35305 – Unauth Time-Based SQL Injection via API
https://notcve.org/view.php?id=CVE-2024-35305
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35304 – System command injection through Netflow function
https://notcve.org/view.php?id=CVE-2024-35304
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •