Primary

Context

Pandora FMS Remote Code Execution Vulnerability via OS Command Injection

Vulnerability

Patched

A vulnerability allowing OS command injection that leads to remote code execution has been identified in Pandora FMS versions 700 to 777.6. This issue arises from improper neutralization of special elements used in commands, which can be exploited to execute arbitrary operating system commands on the server.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary OS commands, with the potential for those commands to be crafted to upload and execute malicious files, leading to remote code execution on the server.

Remediation

Users can upgrade to Pandora FMS versions 777.8 or 781 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

5.7

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

10.0

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

5.7

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Pandora FMS Remote Code Execution Vulnerability via OS Command Injection

Vulnerability

Impact

Remediation

Affected Products

Pandora FMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating