CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35308 – Post-auth Arbitrary File Read in the Server Plugins Section
https://notcve.org/view.php?id=CVE-2024-35308
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9987 – SQL Injection in CSV Module Data Collection
https://notcve.org/view.php?id=CVE-2024-9987
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35307 – Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
https://notcve.org/view.php?id=CVE-2024-35307
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35306 – OS Command injection in Ajax PHP files through HTTP Request
https://notcve.org/view.php?id=CVE-2024-35306
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35305 – Unauth Time-Based SQL Injection via API
https://notcve.org/view.php?id=CVE-2024-35305
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •