Summary
Pandora FMS is prone to an authentication-bypass vulnerability as well as the following input-validation vulnerabilities:
1. A command-injection vulnerability
2. Multiple SQL-injection vulnerabilities
3. A remote file-include vulnerability
4. An arbitrary PHP-code-execution vulnerability
5. Multiple local file-include vulnerabilities
Attackers may exploit these issues to execute local and remote script code in the context of the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application.
Pandora FMS 3.1 and all prior versions are vulnerable.
Solution
Updates are available. Please see the reference for more details.
References
Severity
Classification
CVE: CVE-2010-4278, CVE-2010-4279, CVE-2010-4280, CVE-2010-4281, CVE-2010-4282, CVE-2010-4283
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C