CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12992 – Remote Code Execution leads to Command Injection
https://notcve.org/view.php?id=CVE-2024-12992
17 Mar 2025 — Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 . • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.8EPSS: 61%CPEs: 1EXPL: 1CVE-2024-12971 – QuickShell Authenticated Command Injection
https://notcve.org/view.php?id=CVE-2024-12971
17 Mar 2025 — Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6 • https://packetstorm.news/files/id/190367 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.9EPSS: 74%CPEs: 1EXPL: 2CVE-2024-11320 – Command Injection leading to RCE via LDAP Misconfiguration
https://notcve.org/view.php?id=CVE-2024-11320
21 Nov 2024 — Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4 • https://packetstorm.news/files/id/183465 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35308 – Post-auth Arbitrary File Read in the Server Plugins Section
https://notcve.org/view.php?id=CVE-2024-35308
22 Oct 2024 — A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9987 – SQL Injection in CSV Module Data Collection
https://notcve.org/view.php?id=CVE-2024-9987
22 Oct 2024 — A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-35307 – Argument Injection Leading to Remote Code Execution in Realtime Graph Extension
https://notcve.org/view.php?id=CVE-2024-35307
10 Jun 2024 — Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35306 – OS Command injection in Ajax PHP files through HTTP Request
https://notcve.org/view.php?id=CVE-2024-35306
10 Jun 2024 — OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777. OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35305 – Unauth Time-Based SQL Injection via API
https://notcve.org/view.php?id=CVE-2024-35305
10 Jun 2024 — Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-35304 – System command injection through Netflow function
https://notcve.org/view.php?id=CVE-2024-35304
10 Jun 2024 — System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777. System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •