CVE-2014-125115
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-07-29
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pandora_fms | pandora_fms | * |
| pandora_fms | pandora_fms | 5.0_sp2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2014-125115 is a critical vulnerability in Pandora FMS versions up to 5.0 SP2 that allows an attacker to bypass authentication through an unauthenticated SQL injection in the mobile/index.php endpoint. The vulnerability arises because user input in the loginhash_data parameter is not properly sanitized, enabling attackers to extract administrator credentials or active session tokens. After bypassing authentication, the attacker can exploit a second vulnerability in the File Manager component that allows arbitrary PHP file uploads without MIME-type or file extension restrictions. This enables the attacker to upload a web shell to a publicly accessible directory and execute arbitrary code remotely on the affected system. [1, 3, 4]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized access to administrator credentials or active sessions, allowing attackers to fully bypass authentication. Once authenticated, attackers can upload malicious PHP files (web shells) to the server, enabling remote code execution. This can lead to complete compromise of the affected Pandora FMS system, including data theft, system manipulation, and disruption of services. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the SQL injection in the mobile/index.php endpoint, specifically by sending crafted POST requests with the loginhash_data parameter to extract administrator credentials or session tokens. Detection can also involve checking for the presence of default credentials (admin:pandora) by attempting authentication on the login endpoint (index.php). Using the Metasploit module designed for this vulnerability can automate detection and exploitation steps, including sending POST requests to mobile/index.php and analyzing responses for SQL injection success and session cookie retrieval. Commands would include curl or similar tools to send POST requests with crafted SQL injection payloads to /mobile/index.php, or using the Metasploit Framework module for CVE-2014-125115 to perform automated detection. [3, 4]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Pandora FMS to version 5 Service Pack 3 (SP3) or later, as SP3 includes security fixes addressing this vulnerability. Additionally, restrict access to the vulnerable endpoints, disable or restrict file upload functionality in the File Manager component, and change any default credentials to strong, unique passwords. Monitoring and blocking suspicious requests targeting the mobile/index.php endpoint and the file upload interface can also help reduce risk until a patch is applied. [2]
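The monitoring step above can be prototyped as a scan over web-server access logs; this is an added example, not code from the advisory or from Pandora FMS. It assumes Combined Log Format and that request bodies are not logged, so loginhash_data can only be inspected when it appears in the query string; the log lines, IP addresses, trusted-source list and metacharacter heuristic are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')
# Heuristic (assumption): a login hash should not contain SQL syntax or whitespace.
SQL_META = re.compile(r"""['"`;()#\s]|--|/\*""")
ENDPOINT = "/mobile/index.php"  # endpoint named in the text above


def scan(lines, trusted=frozenset()):
    """Return (client_ip, reason, target) for each suspicious request."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, method, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are seen as-is.
        values = parse_qs(url.query, keep_blank_values=True).get("loginhash_data", [])
        if any(SQL_META.search(v) for v in values):
            findings.append((ip, "SQL metacharacters in loginhash_data", target))
        elif method == "POST" and ip not in trusted:
            # Body is not logged, so any untrusted POST here deserves review.
            findings.append((ip, "POST to mobile login from untrusted source", target))
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Aug/2025:10:00:00 +0000] "GET /mobile/index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Aug/2025:10:00:05 +0000] "POST /mobile/index.php?loginhash_data=x%27%20OR%20%271 HTTP/1.1" 200 498 "-" "curl/8.0"',
    '203.0.113.9 - - [01/Aug/2025:10:00:09 +0000] "POST /mobile/index.php HTTP/1.1" 200 503 "-" "python-requests/2.31"',
    '192.0.2.10 - - [01/Aug/2025:10:00:12 +0000] "POST /mobile/index.php HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Aug/2025:10:00:15 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for ip, reason, target in scan(SAMPLE, trusted={"192.0.2.10"}):
        print(f"{ip}\t{reason}\t{target}")
```

Findings from this scan are leads for review, not proof of compromise; a WAF or reverse proxy that can see request bodies gives better coverage of the POST case.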