Vulnerabilities > Artica

DATE CVE VULNERABILITY TITLE RISK
2020-01-30 CVE-2019-20050 OS Command Injection vulnerability in Artica Pandora FMS 7.42
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability.
network
high complexity
artica CWE-78
7.1
2020-01-09 CVE-2019-20224 OS Command Injection vulnerability in Artica Pandora FMS 7.0Ng
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request.
network
low complexity
artica CWE-78
critical
9.0
2019-12-26 CVE-2019-19681 Incorrect Authorization vulnerability in Artica Pandora FMS 7.0
Pandora FMS 7.x suffers from remote code execution vulnerability.
network
low complexity
artica CWE-863
8.8
2019-08-16 CVE-2019-15091 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Integria IMS 5.0.86
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
network
low complexity
artica CWE-434
7.5
2018-12-20 CVE-2018-1000812 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Artica Integria IMS
Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 45 of general/password_recovery.php that can result in IntegriaIMS web app user accounts can be taken over.
network
artica CWE-640
4.3
2018-12-18 CVE-2018-19829 Cross-Site Request Forgery (CSRF) vulnerability in Artica Integria IMS 5.0.83
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
network
artica CWE-352
5.8
2018-12-17 CVE-2018-19828 Cross-site Scripting vulnerability in Artica Integria IMS 5.0.83
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
network
artica CWE-79
4.3
2018-06-16 CVE-2018-11222 Improper Input Validation vulnerability in Artica Pandora FMS
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.
network
low complexity
artica CWE-20
5.0
2018-06-16 CVE-2018-11221 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
network
low complexity
artica CWE-434
7.5
2017-10-27 CVE-2017-15937 Information Exposure vulnerability in Artica Pandora FMS 7.0
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition.
network
low complexity
artica CWE-200
4.0