15 matches found
EUVD-2025-17709
Malicious code in bioql PyPI...
📄 Pandora ITSM Authenticated Command Injection
This Metasploit module exploits a command injection vulnerability in the name backup setting at the application setup page of Pandora ITSM. This can be triggered by generating a backup with a malicious payload injected at the name parameter. You need to have admin access at the Pandora ITSM Web...
CVE-2025-4678
Improper Neutralization of Special Elements in the chromiumpath variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4653
Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
EUVD-2025-17710
Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4678
Improper Neutralization of Special Elements in the chromiumpath variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4653
Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4678 Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements in the chromiumpath variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4678
CVE-2025-4678 affects Pandora ITSM 5.0.105. The root cause is improper neutralization of special elements in the chromium_path variable, which may permit OS command injection. The CVSS data indicates network attack vector, high severity (7.0), with high privileges required and no user interaction...
CVE-2025-4678 Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements in the chromiumpath variable may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4653 Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4653 Remote Code Execution leads to Command Injection
Improper Neutralization of Special Elements in the backup name field may allow OS command injection. This issue affects Pandora ITSM 5.0.105...
CVE-2025-4653
CVE-2025-4653 affects Pandora ITSM 5.0.105 due to improper neutralization of special elements in the backup name field, enabling command injection and authenticated remote code execution. Public materials describe an in-application backup name parameter vulnerability exploitable with admin access...
PT-2025-24699 · Unknown · Pandora Itsm
Name of the Vulnerable Software and Affected Versions: Pandora ITSM version 5.0.105 Description: The issue is related to the improper neutralization of special elements in the backup name field, which may allow OS command injection. Recommendations: For Pandora ITSM version 5.0.105, update to a...
PT-2025-24700 · Unknown · Pandora Itsm
Name of the Vulnerable Software and Affected Versions: Pandora ITSM version 5.0.105 Description: The issue is related to the improper neutralization of special elements in the chromium path variable, which may allow OS command injection. Recommendations: For Pandora ITSM version 5.0.105, consider...