CVE-2025-34088

High CVSS: 8.6

An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being passed to system commands, enabling command injection.

Vendor

Pandorafms

Product

Pandora Fms

CWE

CWE-78

Yayın Tarihi

2025-07-03 20:15:23

Güncelleme

2025-09-16 19:44:41

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Pandora Fms HIGH Pandorafms 2025

Referanslar

https://github.com/pandorafms/pandorafms https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pandora_ping_cmd_exec.rb https://vulncheck.com/advisories/pandora-fms-rce-via-ping https://www.exploit-db.com/exploits/48334 https://www.rapid7.com/db/modules/exploit/linux/http/pandora_ping_cmd_exec/

Benzer Kayıtlar

High

CVE-2025-5306

Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue af…

High

CVE-2024-12992

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This…

High

CVE-2024-12971

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affec…