Vulnerabilities > Pandorafms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-26 | CVE-2022-1648 | Path Traversal vulnerability in Pandorafms Pandora FMS Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. | 7.2 |
2022-07-25 | CVE-2022-2032 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. | 4.8 |
2022-07-25 | CVE-2022-2059 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. | 4.8 |
2022-03-10 | CVE-2022-0507 | SQL Injection vulnerability in Pandorafms Pandora FMS Found a potential security vulnerability inside the Pandora API. | 8.8 |
2021-06-25 | CVE-2021-34074 | Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. | 9.8 |
2021-06-25 | CVE-2021-35501 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. | 5.4 |
2020-07-13 | CVE-2020-11749 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. | 9.0 |
2020-06-11 | CVE-2020-13855 | Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44 Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | 7.2 |
2020-06-11 | CVE-2020-13854 | Improper Privilege Management vulnerability in Pandorafms Pandora FMS 7.44 Artica Pandora FMS 7.44 allows privilege escalation. | 9.8 |
2020-06-11 | CVE-2020-13853 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS 7.44 Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | 5.4 |