Vulnerabilities > Pandorafms > Pandora FMS > 2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-26 | CVE-2022-1648 | Path Traversal vulnerability in Pandorafms Pandora FMS Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. | 7.2 |
| 2022-07-25 | CVE-2022-2032 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. | 4.8 |
| 2022-07-25 | CVE-2022-2059 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. | 4.8 |
| 2022-03-10 | CVE-2022-0507 | SQL Injection vulnerability in Pandorafms Pandora FMS Found a potential security vulnerability inside the Pandora API. | 8.8 |
| 2021-06-25 | CVE-2021-34074 | Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. | 9.8 |
| 2021-06-25 | CVE-2021-35501 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. | 5.4 |
| 2019-06-29 | CVE-2019-13035 | Unspecified vulnerability in Pandorafms Pandora FMS Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. | 7.8 |