Vulnerabilities > Artica > Pandora FMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-12-02 | CVE-2010-4279 | Improper Authentication vulnerability in Artica Pandora FMS The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter. | 10.0 |
| 2010-12-02 | CVE-2010-4278 | OS Command Injection vulnerability in Artica Pandora FMS operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php. | 9.0 |