Pandora FMS Multiple Vulnerabilities - Dec14

Summary
This host has Pandora FMS installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to gain privileged access and to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Upgrade to Pandora FMS version 5.1 SP1 or later. For updates, refer to http://pandorafms.com
Insight
Multiple flaws are due to:
- The application installs with default user credentials.
- Input passed to the index.php script via the 'user' parameter is not properly sanitized before being returned to users.
Affected
Pandora FMS version 5.0 SP2 and prior.
Detection
Send a crafted request via HTTP GET and check whether it is able to execute an SQL query.