Goby/json/Pandora-FMS-SQL-Injection-(...

{
"Name": "Pandora FMS SQL Injection (CVE-2021-32099)",
"Description": "<p>Pandora FMS is a business-oriented on-premise monitoring software.</p><p>The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.</p>",
"Product": "Pandora FMS",
"Homepage": "https://pandorafms.com/",
"DisclosureDate": "2022-02-09",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"pandora.css\"",
"GobyQuery": "body=\"pandora.css\"",
"Level": "2",
"Impact": "<p>The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://pandorafms.com/community/\">https://pandorafms.com/community/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Pandora FMS 监控软件 SQL注入漏洞CVE-2021-32099",
"VulType": [
"SQL注入"
],
"Tags": [
"SQL注入"
],
"Description": "<p>Pandora FMS是一款面向业务的内部部署监控软件。</p><p>Pandora FMS监控软件存在SQL注入漏洞攻击者通过chart_generator.php 来执行恶意语句,获取数据库敏感信息。</p>",
"Impact": "<p>Pandora FMS监控软件存在SQL注入漏洞攻击者通过chart_generator.php 来执行恶意语句,获取数据库敏感信息。</p>",
"Product": "Pandora FMS",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://pandorafms.com/community/\">https://pandorafms.com/community/</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Pandora FMS SQL Injection (CVE-2021-32099)",
"VulType": [
"sqli"
],
"Tags": [
"sqli"
],
"Description": "<p>Pandora FMS is a business-oriented on-premise monitoring software.</p><p>The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.</p>",
"Impact": "<p>The Pandora FMS monitoring software has a SQL injection vulnerability. The attacker executes malicious statements through chart_generator.php to obtain sensitive database information.</p>",
"Product": "Pandora FMS",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://pandorafms.com/community/\">https://pandorafms.com/community/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202105-339"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "CURRENT_USER()"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"sqli"
],
"VulType": [
"sqli"
],
"CVEIDs": [
"CVE-2021-32099"
],
"CVSSScore": "9.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-202105-339"
],
"CNVD": [
""
],
"ExploitSteps": null,
"Is0day": false
}