Short Name |
HTTP:SQL:INJ:PANDORA-FMS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Pandora FMS SQL Injection Vulnerabilities |
Release Date |
2017/04/25 |
Update Number |
2875 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects an attempt to exploit an Use-After-Free Vulnerability in Pandora FMS. Successful exploitation could allow remote authenticated users to execute arbitrary SQL commands.
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.