Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Artica Pandora FMS默认配置授权问题漏洞
Vulnerability Description
Pandora FMS(Flexible Monitoring System)是Pandora FMS团队的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Pandora FMS 3.1及之前版本中的默认配置为loginhash_pwd字段指定了一个空字符串。远程攻击者可以通过向index.php文件(带有loginhash_user参数中的"admin",结合loginhash_data参数中"admin"的md5散列)发送请求,从而绕过认证。
CVSS Information
N/A
Vulnerability Type
N/A