Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artica pandora fms vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2020-8511
In Artica Pandora FMS up to and including 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
Artica Pandora Fms
6.1
CVSSv3
CVE-2021-46681
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an malicious user to perform javascript code executions via module massive operation name field.
Artica Pandora Fms
9.8
CVSSv3
CVE-2018-11221
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an malicious user to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
Artica Pandora Fms
6.7
CVSSv3
CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code c...
Artica Pandora Fms
5.4
CVSSv3
CVE-2021-36698
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
Artica Pandora Fms
7.5
CVSSv3
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an malicious user to call any php file via the /pandora_console/ajax.php ajax endpoint.
Artica Pandora Fms
9.8
CVSSv3
CVE-2020-26518
Artica Pandora FMS prior to 743 allows unauthenticated malicious users to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
Artica Pandora Fms
9.8
CVSSv3
CVE-2023-4677
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an admini...
Artica Pandora Fms
5.9
CVSSv3
CVE-2021-34075
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
Artica Pandora Fms
5.4
CVSSv3
CVE-2023-41791
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowed users with low privileges to introduce Javascript executables via a translation string ...
Artica Pandora Fms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »