Vulnerabilities > Artica

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-26518 SQL Injection vulnerability in Artica Pandora FMS
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
network
low complexity
artica CWE-89
7.5
2020-03-23 CVE-2020-8511 Unrestricted Upload of File With Dangerous Type vulnerability in Artica Pandora FMS
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
network
low complexity
artica CWE-434
6.5
2020-03-23 CVE-2020-7935 Unrestricted Upload of File With Dangerous Type vulnerability in Artica Pandora FMS
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager.
network
low complexity
artica CWE-434
6.5
2020-03-23 CVE-2020-8497 Information Exposure vulnerability in Artica Pandora FMS
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history.
network
low complexity
artica CWE-200
5.0
2020-03-16 CVE-2020-5844 Unrestricted Upload of File With Dangerous Type vulnerability in Artica Pandora FMS 7.0Ng
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location.
network
low complexity
artica CWE-434
6.5
2020-03-02 CVE-2020-8500 Unrestricted Upload of File With Dangerous Type vulnerability in Artica Pandora FMS 7.42
** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component.
network
low complexity
artica CWE-434
6.5
2020-02-12 CVE-2020-8947 OS Command Injection vulnerability in Artica Pandora FMS 7.0
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
network
low complexity
artica CWE-78
critical
9.0
2020-01-30 CVE-2019-20050 OS Command Injection vulnerability in Artica Pandora FMS 7.42
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability.
network
high complexity
artica CWE-78
7.1
2020-01-09 CVE-2019-20224 OS Command Injection vulnerability in Artica Pandora FMS 7.0Ng
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request.
network
low complexity
artica CWE-78
critical
9.0
2019-12-26 CVE-2019-19681 Incorrect Authorization vulnerability in Artica Pandora FMS 7.0
** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vulnerability.
network
low complexity
artica CWE-863
critical
9.0