Vulnerabilities > Artica > Pandora FMS > 7.0.ng
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-03 | CVE-2021-36697 | Injection vulnerability in Artica Pandora FMS With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. | 4.6 |
| 2021-11-03 | CVE-2021-36698 | Cross-site Scripting vulnerability in Artica Pandora FMS Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. | 3.5 |
| 2021-06-30 | CVE-2021-34075 | Insufficiently Protected Credentials vulnerability in Artica Pandora FMS In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | 4.3 |
| 2020-10-02 | CVE-2020-26518 | SQL Injection vulnerability in Artica Pandora FMS Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | 7.5 |
| 2020-03-23 | CVE-2020-8511 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | 6.5 |
| 2020-03-23 | CVE-2020-7935 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. | 6.5 |
| 2020-03-23 | CVE-2020-8497 | Information Exposure vulnerability in Artica Pandora FMS In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. | 5.0 |
| 2020-03-16 | CVE-2020-5844 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS 7.0Ng index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. | 7.2 |
| 2020-01-09 | CVE-2019-20224 | OS Command Injection vulnerability in Artica Pandora FMS 7.0Ng netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. | 9.0 |
| 2018-06-16 | CVE-2018-11222 | Improper Input Validation vulnerability in Artica Pandora FMS Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | 5.0 |