CVE-2024-35305 HIGH

CVE-2024-35305: Unauth Time-Based SQL Injection via API

Vendor Pandora Fms
Product Pandora FMS
Weakness CWE-89 · SQLi
Published June 10, 2024
Last update August 2, 2024

CVSS base score

8.9/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:L/U:Green

What the vulnerability does

01Description

Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.

Key dates

02Disclosure timeline

June 10, 2024 CVE published
August 2, 2024 Record updated