Vulnerabilities > Pandorafms

DATE CVE VULNERABILITY TITLE RISK
2020-06-11 CVE-2020-13852 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
network
low complexity
pandorafms CWE-434
7.2
2020-06-11 CVE-2020-13851 OS Command Injection vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
network
low complexity
pandorafms CWE-78
8.8
2020-06-11 CVE-2020-13850 Forced Browsing vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
network
low complexity
pandorafms CWE-425
7.5
2020-02-04 CVE-2019-19968 Cross-site Scripting vulnerability in Pandorafms Pandora FMS 742
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components.
network
low complexity
pandorafms CWE-79
5.4
2019-06-29 CVE-2019-13035 Unspecified vulnerability in Pandorafms Pandora FMS
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files.
local
low complexity
pandorafms
7.8
2018-06-16 CVE-2018-11223 Cross-site Scripting vulnerability in Pandorafms Artica Pandora FMS 7.0Ng
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.
network
low complexity
pandorafms CWE-79
5.4