Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Pandora FMS Authenticated Remote Code Execution via Ping Module
Vulnerability Description
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Pandora FMS 安全漏洞
Vulnerability Description
Pandora FMS是美国Pandora FMS公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Pandora FMS 7.0NG及之前版本存在安全漏洞,该漏洞源于net_tools.php功能允许认证用户执行任意OS命令,可能导致命令注入。
CVSS Information
N/A
Vulnerability Type
N/A