Lucene search

[email protected]CVE-2023-44090

HistoryMar 19, 2024 - 5:15 p.m.

CVE-2023-44090

2024-03-1917:15:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-44090

sql injection

pandora fms

grafana

nvd

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.7%

JSON

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affects Pandora FMS: from 700 through <776.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThanOrEqual": "<776",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:L

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.7%

JSON

Related for CVE-2023-44090

cvelist2 nvd2 cve1 prion1