Critical vulnerabilities in Artica Pandora FMS

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-4677 Information Exposure Through Log Files vulnerability in Artica Pandora FMS
Cron log backup files contain administrator session IDs.
network
low complexity
artica CWE-532
critical
9.8
2023-11-23 CVE-2023-41790 Uncontrolled Search Path Element vulnerability in Artica Pandora FMS
Uncontrolled Search Path Element vulnerability in Pandora FMS on all platforms allows leveraging or manipulating configuration file search paths.
network
low complexity
artica CWE-427
critical
9.8
2021-05-07 CVE-2021-32099 SQL Injection vulnerability in Artica Pandora FMS 742
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
network
low complexity
artica CWE-89
critical
9.8
2021-05-07 CVE-2021-32098 Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
network
low complexity
artica CWE-502
critical
9.8
2020-10-02 CVE-2020-26518 SQL Injection vulnerability in Artica Pandora FMS
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
network
low complexity
artica CWE-89
critical
9.8
2018-06-16 CVE-2018-11221 Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
network
low complexity
artica CWE-434
critical
9.8