Lucene search
PandoraFMSCVELIST:CVE-2024-35306HistoryJun 10, 2024 - 2:30 p.m.
CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request
2024-06-1014:30:36
CWE-78
PandoraFMS
www.cve.org
3
command injection
ajax php
http request
pandora fms
security vulnerability
8.7 High
CVSS4
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:Y/U:Red/R:U/RE:L
0.0004 Low
EPSS
Percentile
9.8%
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables.Β This issue affects Pandora FMS: from 700 through <777.
CNA Affected
[
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThan": "777",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2024-35306
2024-06-10 15:15:51
cve
cve
CVE-2024-35306
2024-06-10 15:15:51
vulnrichment
vulnrichment
CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request
2024-06-10 14:30:36
8.7 High
CVSS4
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:Y/U:Red/R:U/RE:L
0.0004 Low
EPSS
Percentile
9.8%
Related for CVELIST:CVE-2024-35306