Vulnerabilities > Artica
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2020-8947 | OS Command Injection vulnerability in Artica Pandora FMS 7.0 functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. | 7.2 |
| 2020-01-30 | CVE-2019-20050 | OS Command Injection vulnerability in Artica Pandora FMS 7.42 Pandora FMS = 7.42 suffers from a remote code execution vulnerability. | 6.8 |
| 2020-01-09 | CVE-2019-20224 | OS Command Injection vulnerability in Artica Pandora FMS 7.0Ng netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. | 8.8 |
| 2019-12-26 | CVE-2019-19681 | Incorrect Authorization vulnerability in Artica Pandora FMS 7.0 Pandora FMS 7.x suffers from remote code execution vulnerability. | 8.8 |
| 2019-08-16 | CVE-2019-15091 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Integria IMS 5.0.86 filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | 9.8 |
| 2018-12-20 | CVE-2018-1000812 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Artica Integria IMS 5.0 Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over. | 8.1 |
| 2018-12-18 | CVE-2018-19829 | Cross-Site Request Forgery (CSRF) vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. | 6.5 |
| 2018-12-17 | CVE-2018-19828 | Cross-site Scripting vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has XSS via the search_string parameter. | 6.1 |
| 2018-06-16 | CVE-2018-11222 | Improper Input Validation vulnerability in Artica Pandora FMS Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | 7.5 |
| 2018-06-16 | CVE-2018-11221 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | 9.8 |