CNNVD-202507-3272 Information

CNNVD ID

CNNVD-202507-3272

Related CVE

CVE-2014-125115

• CNNVD Published: 2025-07-25

Description (Chinese)

Pandora FMS是美国Pandora FMS公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Pandora FMS 5.0 SP2及之前版本存在安全漏洞，该漏洞源于loginhash_data参数未正确清理，可能导致SQL注入攻击和远程代码执行。

Description (English)

Pandora FMS is a surveillance system for Pandora FMS in the United States. The system monitors networks, servers, virtual infrastructure and applications in a visual way. Pandora FMS 5.0 SP2 and previous versions had a security loophole, which stemmed from an incorrect clean-up of loginhash data parameters, which could lead to SQL injection into attack and remote code execution.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Pandora FMS

Published

2025-07-25

Last Modified

2026-02-24

References

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/ http://blog.pandorafms.org/?p=2041 https://web.archive.org/web/20140304121149/ http://pandorafms.com/downloads/whats_new_5-SP3.pdf https://web.archive.org/web/20140331231237/ https://www.exploit-db.com/exploits/35380 https://www.vulncheck.com/advisories/pandora-fms-default-creds-sqli-rce https://access.redhat.com/security/cve/cve-2014-125115