Pandora FMS, an open-source IT infrastructure monitoring tool, has been found to have several critical security vulnerabilities that allow remote attackers to execute arbitrary code on servers. The most severe is a SQL injection that can be used to bypass authentication and grant access to the entire server. It was discovered through a thorough analysis of the code and its security mechanisms, which highlighted potential pitfalls in the use of sanitization functions and the handling of user input. The vendor has released a patch, and users should update their installations as soon as possible to prevent further attacks.