Vulnerabilities > Artica > Pandora FMS > 7.42
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-05 | CVE-2021-46681 | Cross-site Scripting vulnerability in Artica Pandora FMS A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field. | 6.1 |
| 2021-11-03 | CVE-2021-36697 | Injection vulnerability in Artica Pandora FMS With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. | 6.7 |
| 2021-11-03 | CVE-2021-36698 | Cross-site Scripting vulnerability in Artica Pandora FMS Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. | 5.4 |
| 2021-06-30 | CVE-2021-34075 | Insufficiently Protected Credentials vulnerability in Artica Pandora FMS In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. | 5.9 |
| 2020-10-02 | CVE-2020-26518 | SQL Injection vulnerability in Artica Pandora FMS Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | 9.8 |
| 2020-03-23 | CVE-2020-8511 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | 7.2 |
| 2020-03-23 | CVE-2020-7935 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. | 7.2 |
| 2020-03-23 | CVE-2020-8497 | Missing Authentication for Critical Function vulnerability in Artica Pandora FMS In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. | 5.3 |
| 2020-03-02 | CVE-2020-8500 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS 7.42 In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. | 7.2 |
| 2020-01-30 | CVE-2019-20050 | OS Command Injection vulnerability in Artica Pandora FMS 7.42 Pandora FMS = 7.42 suffers from a remote code execution vulnerability. | 6.8 |