Vulnerabilities > Pandorafms > Pandora FMS > 7.0.ng.708

DATE CVE VULNERABILITY TITLE RISK
2022-07-26 CVE-2022-1648 Path Traversal vulnerability in Pandorafms Pandora FMS
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file.
network
low complexity
pandorafms CWE-22
7.2
2022-07-25 CVE-2022-2032 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting.
network
low complexity
pandorafms CWE-79
4.8
2022-07-25 CVE-2022-2059 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting.
network
low complexity
pandorafms CWE-79
4.8
2022-03-10 CVE-2022-0507 SQL Injection vulnerability in Pandorafms Pandora FMS
Found a potential security vulnerability inside the Pandora API.
network
low complexity
pandorafms CWE-89
8.8
2021-06-25 CVE-2021-34074 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager.
network
low complexity
pandorafms CWE-434
critical
9.8
2021-06-25 CVE-2021-35501 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console.
network
low complexity
pandorafms CWE-79
5.4
2020-07-13 CVE-2020-11749 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views.
network
low complexity
pandorafms CWE-79
critical
9.0
2019-06-29 CVE-2019-13035 Unspecified vulnerability in Pandorafms Pandora FMS
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files.
local
low complexity
pandorafms
7.8