From SQLi to PHP deserialize to RCE on Pandora FMS 742
· ☕ 15 min read · 🐉 Edisc
Continuing from the previous series of articles, in this post, I will apply the knowledge I have acquired and conduct further research on PHP deserialization in order to reproduce an intriguing bug: going from SQL injection to PHP deserialization and achieving Remote Code Execution (RCE) on Pandora FMS 742.