Lucene search
K

CVE-2024-11320

🗓️ 21 Nov 2024 10:03:08Reported by PandoraFMSType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 784 Views🌐 WEB

Arbitrary command execution via LDAP in Pandora FM

Related
Detection
Affected
Refs
Paths
Social
NVD
Node
pandorafmspandora_fmsRange700777.5
[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThanOrEqual": "777.4",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
loginquery param/pandora_console/index.php?login=1Initial GET to fetch CSRF code during login flow.CWE-77
csrf_coderequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
authrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
fallback_local_authrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
ldap_admin_loginrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
ldap_admin_passrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
ldap_serverrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
ldap_portrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
ldap_versionrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
ldap_base_dnrequest body/pandora_console/index.phpLDAP misconfiguration leading to command injection via RCE payload in ldap_admin_login during LDAP setup.CWE-77
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 06:57Current
10High risk
Vulners AI Score10
CVSS 3.19.8
CVSS 46.9
EPSS0.9123
SSVC
784