CVE-2010-4280

Published: Dec 2, 2010Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.

Affected (16)

Products: Artica: Pandora Fms

1 product

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Artica Pandora Fms	Up to 3.1
Artica Pandora Fms	Version 1.2
Artica Pandora Fms	Version 1.3.1
Artica Pandora Fms	Version 1.3
Artica Pandora Fms	Version 1.3 beta1
Artica Pandora Fms	Version 1.3 beta2
Artica Pandora Fms	Version 1.3 beta3
Artica Pandora Fms	Version 1.3 beta
Artica Pandora Fms	Version 2.0
Artica Pandora Fms	Version 2.0 beta
Artica Pandora Fms	Version 2.1.1
Artica Pandora Fms	Version 2.1
Artica Pandora Fms	Version 3.0
Artica Pandora Fms	Version 3.0 rc1
Artica Pandora Fms	Version 3.0 rc2
Artica Pandora Fms	Version 3.1 rc1

Related CWEs

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (18)

http://osvdb.org/69547

Source: cve@mitre.org

http://osvdb.org/69548

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2010/Nov/326

Source: cve@mitre.org

http://secunia.com/advisories/42347

Source: cve@mitre.org

http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

Source: cve@mitre.org

Patch

http://www.exploit-db.com/exploits/15641

Source: cve@mitre.org

http://www.exploit-db.com/exploits/15642

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/514939/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/45112

Source: cve@mitre.org

http://osvdb.org/69547

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/69548

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2010/Nov/326

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/42347

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.exploit-db.com/exploits/15641

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/15642

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/514939/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45112

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.