Vulnerabilities > Pandorafms

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2022-1648 Path Traversal vulnerability in Pandorafms Pandora FMS
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager: a privileged user could upload a .php file outside the intended images directory, where execution of .php files is restricted.
network
low complexity
pandorafms CWE-22
7.2
2022-07-25 CVE-2022-2032 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to stored cross-site scripting.
network
low complexity
pandorafms CWE-79
4.8
2022-07-25 CVE-2022-2059 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to stored cross-site scripting.
network
low complexity
pandorafms CWE-79
4.8
2022-03-10 CVE-2022-0507 SQL Injection vulnerability in Pandorafms Pandora FMS
Found a potential security vulnerability inside the Pandora API.
network
low complexity
pandorafms CWE-89
8.8
2021-06-25 CVE-2021-34074 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows arbitrary file upload via the File Manager, leading to remote command execution.
network
low complexity
pandorafms CWE-434
critical
9.8
2021-06-25 CVE-2021-35501 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console.
network
low complexity
pandorafms CWE-79
5.4
2020-07-13 CVE-2020-11749 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Pandora FMS 7.0 NG <= 746 suffers from multiple XSS vulnerabilities in different browser views.
network
low complexity
pandorafms CWE-79
critical
9.0
2020-06-11 CVE-2020-13855 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
network
low complexity
pandorafms CWE-434
7.2
2020-06-11 CVE-2020-13854 Improper Privilege Management vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows privilege escalation.
network
low complexity
pandorafms CWE-269
critical
9.8
2020-06-11 CVE-2020-13853 Cross-site Scripting vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
network
low complexity
pandorafms CWE-79
5.4