Vulnerabilities > Artica > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-23 | CVE-2023-41790 | Uncontrolled Search Path Element vulnerability in Artica Pandora FMS Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. | 9.8 |
| 2023-11-23 | CVE-2023-4677 | Information Exposure Through Log Files vulnerability in Artica Pandora FMS Cron log backup files contain administrator session IDs. | 9.8 |
| 2021-10-07 | CVE-2021-3833 | Incorrect Comparison vulnerability in Artica Integria IMS 5.0.92 Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. | 9.8 |
| 2021-10-07 | CVE-2021-3832 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Integria IMS 5.0.92 Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Execution attack through file uploading. | 9.8 |
| 2021-05-07 | CVE-2021-32098 | Deserialization of Untrusted Data vulnerability in Artica Pandora FMS 742 Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. | 9.8 |
| 2021-05-07 | CVE-2021-32099 | SQL Injection vulnerability in Artica Pandora FMS 742 A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. | 9.8 |
| 2020-10-02 | CVE-2020-26518 | SQL Injection vulnerability in Artica Pandora FMS Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | 9.8 |
| 2019-08-16 | CVE-2019-15091 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Integria IMS 5.0.86 filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload. | 9.8 |
| 2018-06-16 | CVE-2018-11221 | Unrestricted Upload of File with Dangerous Type vulnerability in Artica Pandora FMS Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | 9.8 |