Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
artica pandora fms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4677
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an admini...
Artica Pandora Fms
4.3
CVSSv2
CVE-2021-34075
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
Artica Pandora Fms
4.6
CVSSv2
CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code c...
Artica Pandora Fms
3.5
CVSSv2
CVE-2021-36698
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
Artica Pandora Fms
7.5
CVSSv2
CVE-2020-26518
Artica Pandora FMS prior to 743 allows unauthenticated malicious users to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
Artica Pandora Fms
5
CVSSv2
CVE-2020-8497
In Artica Pandora FMS up to and including 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.
Artica Pandora Fms
6.5
CVSSv2
CVE-2020-7935
Artica Pandora FMS up to and including 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP f...
Artica Pandora Fms
7.5
CVSSv2
CVE-2018-11221
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an malicious user to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
Artica Pandora Fms
5
CVSSv2
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an malicious user to call any php file via the /pandora_console/ajax.php ajax endpoint.
Artica Pandora Fms
6.5
CVSSv2
CVE-2020-8511
In Artica Pandora FMS up to and including 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
Artica Pandora Fms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »