Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:SQL:INJ:PANDORA-FMS

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Pandora FMS SQL Injection Vulnerabilities

Release Date

 2017/04/25

Update Number

 2875

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Pandora FMS SQL Injection Vulnerabilities


This signature detects an attempt to exploit an Use-After-Free Vulnerability in Pandora FMS. Successful exploitation could allow remote authenticated users to execute arbitrary SQL commands.

Extended Description

Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.

Affected Products

  • Artica pandora_fms 1.2
  • Artica pandora_fms 1.3
  • Artica pandora_fms 1.3.1
  • Artica pandora_fms 2.0
  • Artica pandora_fms 2.1
  • Artica pandora_fms 2.1.1
  • Artica pandora_fms 3.0
  • Artica pandora_fms 3.1

References

  • BugTraq: 45112
  • CVE: CVE-2010-4280

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out