Vulnerabilities > Artica > Pandora FMS > 7.0.ng
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-16 | CVE-2018-11222 | Improper Input Validation vulnerability in Artica Pandora FMS Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | 7.5 |
| 2018-06-16 | CVE-2018-11221 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | 9.8 |