Pandora FMS Authentication Bypass And Multiple Input Validation Vulnerabilities

Pandora FMS is prone to an authentication-bypass vulnerability as well as the following input-validation vulnerabilities:

1. A command-injection vulnerability
2. Multiple SQL-injection vulnerabilities
3. A remote file-include vulnerability
4. An arbitrary PHP-code-execution vulnerability
5. Multiple local file-include vulnerabilities

Attackers may exploit these issues to execute local and remote script code in the context of the affected application, compromise the application, obtain sensitive information, access or modify data, exploit latent vulnerabilities in the underlying database, and gain administrative access to the affected application.

Versions prior and including Pandora FMS 3.1 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus