2 matches found
CVE-2014-125115 Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhashdata parameter, allowing attackers to extract administrator credentials or active session tokens via crafted...
Pandora FMS 5.0 RC1 RCE
Remote command execution vulnerability in Pandora FMS Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...