Vulnerabilities > Artica

DATE CVE VULNERABILITY TITLE RISK
2021-11-03 CVE-2021-36697 Injection vulnerability in Artica Pandora FMS
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component.
local
low complexity
artica CWE-74
4.6
2021-11-03 CVE-2021-36698 Cross-site Scripting vulnerability in Artica Pandora FMS
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
network
artica CWE-79
3.5
2021-10-07 CVE-2021-3833 Incorrect Authorization vulnerability in Artica Integria IMS 5.0.92
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database.
network
low complexity
artica CWE-863
7.5
2021-10-07 CVE-2021-3834 Cross-site Scripting vulnerability in Artica Integria IMS 5.0.92
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file.
network
artica CWE-79
4.3
2021-10-07 CVE-2021-3832 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Integria IMS 5.0.92
Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading.
network
low complexity
artica CWE-434
7.5
2021-06-30 CVE-2021-34075 Exposure of Resource to Wrong Sphere vulnerability in Artica Pandora FMS
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
network
artica CWE-668
4.3
2021-05-07 CVE-2021-32098 Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
network
low complexity
artica CWE-502
7.5
2021-05-07 CVE-2021-32099 SQL Injection vulnerability in Artica Pandora FMS 742
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
network
low complexity
artica CWE-89
7.5
2021-05-07 CVE-2021-32100 Unspecified vulnerability in Artica Pandora FMS 742
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
network
low complexity
artica
4.0
2020-10-02 CVE-2020-26518 SQL Injection vulnerability in Artica Pandora FMS
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
network
low complexity
artica CWE-89
7.5