CVE-2024-35306 HIGH

CVE-2024-35306: OS Command injection in Ajax PHP files through HTTP Request

Vendor Pandora Fms
Product Pandora FMS
Weakness CWE-78
Published June 10, 2024
Last update August 2, 2024

CVSS base score

8.7/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/R:U/RE:L/U:Red

What the vulnerability does

01Description

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.

Key dates

02Disclosure timeline

June 10, 2024 CVE published
August 2, 2024 Record updated