Vulnerabilities > Artica > Pandora FMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2020-8947 | OS Command Injection vulnerability in Artica Pandora FMS 7.0 functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. | 7.2 |
| 2020-01-09 | CVE-2019-20224 | OS Command Injection vulnerability in Artica Pandora FMS 7.0Ng netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. | 8.8 |
| 2019-12-26 | CVE-2019-19681 | Incorrect Authorization vulnerability in Artica Pandora FMS 7.0 Pandora FMS 7.x suffers from remote code execution vulnerability. | 8.8 |
| 2018-06-16 | CVE-2018-11222 | Improper Input Validation vulnerability in Artica Pandora FMS Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | 7.5 |
| 2017-10-27 | CVE-2017-15935 | Code Injection vulnerability in Artica Pandora FMS 7.0 Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. | 7.2 |