Deserialization of untrusted data

2021-05-0704:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.

CPENameOperatorVersion
pandora_fmseq742

CPE	Name	Operator	Version
	pandora_fms	eq	742

References

blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained

pandorafms.com/blog/whats-new-in-pandora-fms-743/

portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack