Community Release Tecnología

Vulnerability fixed in visualizing agents in Pandora FMS 5.1

noviembre 17, 2014

Vulnerability fixed in visualizing agents in Pandora FMS 5.1

This post is also available in : Inglés Japonés

This morning, William Costa, one of our Opensource community members, has discovered a new vulnerability in the agents visualization of Pandora FMS 5.1 SP1, that allows the arbitrary execution of HTML/script code that is executed in the context of the user or «victim» browser.

The code injection is done through the parameter «refr» in the page «/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=», what allows an attacker to send link and choice text write in page.

Our developement team have been put to work to solve this vulnerability and they have solved as quick as possible. Below you can find the links to the corresponding packages for 5.0 and 5.1 version:

Pandora FMS 5.0: http://artica.es/integria//operation/common/download_file.php?type=external_release&id_attachment=cef6fbe52266059617801c18caa490ef1e558a48

Pandora FMS 5.1: http://artica.es/integria//operation/common/download_file.php?type=external_release&id_attachment=997c3df536ca9d60e11c95a28016e37c51074957


Written by:



Leave a comment

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.