{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32099", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "url": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained", "refsource": "MISC", "name": "https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained" }, { "url": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/", "refsource": "MISC", "name": "https://pandorafms.com/blog/whats-new-in-pandora-fms-743/" }, { "url": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack", "refsource": "MISC", "name": "https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack" } ] } }