HTTP: SQL Injection Detected on HTTP Request Variable 5
This signature detects specific characters, typically used in SQL procedures, within an HTTP connection. Because these characters are not normally used in HTTP, their presence can indicate a SQL injection attack through a procedure. However, a match can also be a false positive. To reduce false positives, it is strongly recommended that these signatures be used only to inspect traffic from the Internet to your organization's web servers that use SQL backend databases to generate content, and not to inspect traffic going from your organization to the Internet.
Extended Description
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.
Affected Products
Artica pandora_fms
References
BugTraq: 57958
CVE: CVE-2020-12641
URL:
http://sourceforge.net/p/gestioip/gestioip/ci/ac67be9fce5ee4c0438d27dfa5c1dcbca08c457c/
https://github.com/rapid7/metasploit-framework/pull/2461
https://community.rapid7.com/community/metasploit/blog/2013/10/03/gestioip-authenticated-remote-command-execution-module
https://github.com/mboynes/php-utility-belt
http://www.atutor.ca/
http://sourceincite.com/research/src-2016-08/
https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/
http://www.s3cur1ty.de/m1adv2013-010
http://www.webidsupport.com/forums/showthread.php?3892
https://www.redguard.ch/advisories/wepresent-wipg1000.txt
http://www.s3cur1ty.de/m1adv2013-005
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Artica
7.5
9.0
10.0