Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artica pandora fms vulnerabilities and exploits
(subscribe to this query)
6.7
CVSSv3
CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code c...
Artica Pandora Fms
5.4
CVSSv3
CVE-2021-36698
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
Artica Pandora Fms
9.8
CVSSv3
CVE-2018-11221
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an malicious user to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
Artica Pandora Fms
7.5
CVSSv3
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an malicious user to call any php file via the /pandora_console/ajax.php ajax endpoint.
Artica Pandora Fms
5.3
CVSSv3
CVE-2020-8497
In Artica Pandora FMS up to and including 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.
Artica Pandora Fms
7.2
CVSSv3
CVE-2020-8511
In Artica Pandora FMS up to and including 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
Artica Pandora Fms
7.2
CVSSv3
CVE-2020-7935
Artica Pandora FMS up to and including 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP f...
Artica Pandora Fms
8.8
CVSSv3
CVE-2023-41788
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows malicious users to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 up to and ...
Artica Pandora Fms
6.1
CVSSv3
CVE-2023-41789
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allows an malicious user to perform cookie hijacking and log in as that user without the need f...
Artica Pandora Fms
9.8
CVSSv3
CVE-2023-41790
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 up to an...
Artica Pandora Fms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »