High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-23	CVE-2023-41787	Uncontrolled Search Path Element vulnerability in Artica Pandora FMS Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. network low complexity artica CWE-427	7.5
2023-11-23	CVE-2023-41788	Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. network low complexity artica CWE-434	8.8
2023-11-23	CVE-2023-41806	Unspecified vulnerability in Artica Pandora FMS Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. network low complexity artica	7.5
2023-11-23	CVE-2023-41807	Unspecified vulnerability in Artica Pandora FMS Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. network low complexity artica	8.8
2023-11-23	CVE-2023-41808	Unspecified vulnerability in Artica Pandora FMS Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. network low complexity artica	7.5
2023-11-23	CVE-2023-41812	Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. network low complexity artica CWE-434	8.8
2021-05-07	CVE-2021-32098	Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742 Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. network low complexity artica CWE-502	7.5
2021-05-07	CVE-2021-32099	SQL Injection vulnerability in Artica Pandora FMS 742 A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. network low complexity artica CWE-89	7.5
2020-10-02	CVE-2020-26518	SQL Injection vulnerability in Artica Pandora FMS Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. network low complexity artica CWE-89	7.5
2020-03-16	CVE-2020-5844	Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS 7.0Ng index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. network low complexity artica CWE-434	7.2