{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-44091","assignerOrgId":"63375d6c-d89a-45ed-8ecc-c8c361b0e04c","state":"PUBLISHED","assignerShortName":"PandoraFMS","dateReserved":"2023-09-25T08:33:09.669Z","datePublished":"2024-03-19T16:31:38.932Z","dateUpdated":"2024-08-02T19:52:11.930Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["all"],"product":"Pandora FMS","vendor":"Pandora FMS","versions":[{"lessThanOrEqual":"<776","status":"affected","version":"700","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Aleksey Solovev (Positive Technologies)"}],"datePublic":"2024-03-19T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection.&nbsp;This ulnerability allowed SQL injections to be made even if authentication failed.<span style=\"background-color: var(--darkreader-bg--wht);\">This issue affects Pandora FMS: from 700 through &lt;776.</span>"}],"value":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandora FMS: from 700 through <776."}],"impacts":[{"capecId":"CAPEC-66","descriptions":[{"lang":"en","value":"CAPEC-66 SQL Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"63375d6c-d89a-45ed-8ecc-c8c361b0e04c","shortName":"PandoraFMS","dateUpdated":"2024-03-19T16:31:38.932Z"},"references":[{"tags":["vendor-advisory"],"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nFixed in v776.\n\n<br>"}],"value":"\nFixed in v776.\n\n"}],"source":{"discovery":"EXTERNAL"},"title":"Unauth Time-Based SQL Injection","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-44091","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-03-19T19:13:28.748415Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:19:21.999Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:52:11.930Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}]}]}}