{ "Name": "Pandora FMS SQL Injection (CVE-2021-32099)", "Description": "
Pandora FMS is a business-oriented on-premise monitoring software.
The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.
", "Product": "Pandora FMS", "Homepage": "https://pandorafms.com/", "DisclosureDate": "2022-02-09", "Author": "1291904552@qq.com", "FofaQuery": "body=\"pandora.css\"", "GobyQuery": "body=\"pandora.css\"", "Level": "2", "Impact": "The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.
", "Recommendation": "The vendor has released a bug fix, please pay attention to the update in time: https://pandorafms.com/community/
1. Set access policies and whitelist access through security devices such as firewalls.
2. If not necessary, prohibit public network access to the system.
", "Translation": { "CN": { "Name": "Pandora FMS 监控软件 SQL注入漏洞(CVE-2021-32099)", "VulType": [ "SQL注入" ], "Tags": [ "SQL注入" ], "Description": "Pandora FMS是一款面向业务的内部部署监控软件。
Pandora FMS监控软件存在SQL注入漏洞,攻击者通过chart_generator.php 来执行恶意语句,获取数据库敏感信息。
", "Impact": "Pandora FMS监控软件存在SQL注入漏洞,攻击者通过chart_generator.php 来执行恶意语句,获取数据库敏感信息。
", "Product": "Pandora FMS", "Recommendation": "厂商已发布了漏洞修复程序,请及时关注更新:https://pandorafms.com/community/
1、通过防火墙等安全设备设置访问策略,设置白名单访问。
2、如非必要,禁止公网访问该系统。
" }, "EN": { "Name": "Pandora FMS SQL Injection (CVE-2021-32099)", "VulType": [ "sqli" ], "Tags": [ "sqli" ], "Description": "Pandora FMS is a business-oriented on-premise monitoring software.
The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.
", "Impact": "The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.
", "Product": "Pandora FMS", "Recommendation": "The vendor has released a bug fix, please pay attention to the update in time: https://pandorafms.com/community/
1. Set access policies and whitelist access through security devices such as firewalls.
2. If not necessary, prohibit public network access to the system.
" } }, "References": [ "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202105-339" ], "HasExp": true, "ExpParams": [ { "name": "cmd", "type": "input", "value": "CURRENT_USER()" } ], "ExpTips": null, "ScanSteps": null, "Tags": [ "sqli" ], "VulType": [ "sqli" ], "CVEIDs": [ "CVE-2021-32099" ], "CVSSScore": "9.0", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null }, "CNNVD": [ "CNNVD-202105-339" ], "CNVD": [ "" ], "ExploitSteps": null, "Is0day": false }