Vulnerabilities > Artica

DATE CVE VULNERABILITY TITLE RISK
2021-05-07 CVE-2021-32098 Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
network
low complexity
artica CWE-502
7.5
2021-05-07 CVE-2021-32099 SQL Injection vulnerability in Artica Pandora FMS 742
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
network
low complexity
artica CWE-89
7.5
2021-05-07 CVE-2021-32100 Unspecified vulnerability in Artica Pandora FMS 742
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
network
low complexity
artica
4.0
2020-10-02 CVE-2020-26518 SQL Injection vulnerability in Artica Pandora FMS
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
network
low complexity
artica CWE-89
7.5
2020-03-23 CVE-2020-8511 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500.
network
low complexity
artica CWE-434
6.5
2020-03-23 CVE-2020-7935 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager.
network
low complexity
artica CWE-434
6.5
2020-03-23 CVE-2020-8497 Information Exposure vulnerability in Artica Pandora FMS
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history.
network
low complexity
artica CWE-200
5.0
2020-03-16 CVE-2020-5844 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS 7.0Ng
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location.
network
low complexity
artica CWE-434
7.2
2020-03-02 CVE-2020-8500 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS 7.42
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component.
network
low complexity
artica CWE-434
7.2
2020-02-12 CVE-2020-8947 OS Command Injection vulnerability in Artica Pandora FMS 7.0
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
network
low complexity
artica CWE-78
critical
9.0