Total vulnerabilities in the database
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.
| Software | From | Fixed in |
|---|---|---|
| artica / pandora_fms | 1.3-beta2 | 1.3-beta2.x |
| artica / pandora_fms | 1.3-beta | 1.3-beta.x |
| artica / pandora_fms | 1.2 | 1.2.x |
| artica / pandora_fms | 2.1.1 | 2.1.1.x |
| artica / pandora_fms | 1.3-beta3 | 1.3-beta3.x |
| artica / pandora_fms | - | 3.1.x |
| artica / pandora_fms | 1.3-beta1 | 1.3-beta1.x |
| artica / pandora_fms | 3.0-rc1 | 3.0-rc1.x |
| artica / pandora_fms | 2.0 | 2.0.x |
| artica / pandora_fms | 1.3 | 1.3.x |
| artica / pandora_fms | 2.0-beta | 2.0-beta.x |
| artica / pandora_fms | 3.0-rc2 | 3.0-rc2.x |
| artica / pandora_fms | 1.3.1 | 1.3.1.x |
| artica / pandora_fms | 2.1 | 2.1.x |
| artica / pandora_fms | 3.0 | 3.0.x |
| artica / pandora_fms | 3.1-rc1 | 3.1-rc1.x |