Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26518
Reference (s):
- https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained