CVE-2023-44088 MEDIUM

CVE-2023-44088: SQL Injection in Visual Console

Vendor Pandora Fms

Product Pandora FMS

Weakness CWE-89 · SQLi

Published December 29, 2023

Last update April 17, 2025

View on NVD All CVEs

CVSS base score

5.9/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774.

Key dates

02Disclosure timeline

December 29, 2023 CVE published

April 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-44088

Related vulnerabilities

04Related CVE

CVE-2024-0276 Kashipara Food Management System rawstock_used_damaged_smt.php sql injection CVE-2022-2724 SourceCodester Employee Management System aprocess.php sql injection CVE-2024-56047 WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerability CVE-2023-45347 Online Food Ordering System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) CVE-2026-0578 code-projects Online Product Reservation System delete.php sql injection