Vulnerabilities > Pandorafms > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-06-13 CVE-2023-2807 Authentication Bypass by Spoofing vulnerability in Pandorafms Pandora FMS
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication.
network
low complexity
pandorafms CWE-290
critical
9.8
2023-01-27 CVE-2022-43979 Path Traversal vulnerability in Pandorafms Pandora FMS
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764.
network
low complexity
pandorafms CWE-22
critical
9.8
2020-07-13 CVE-2020-11749 Cross-site Scripting vulnerability in Pandorafms Pandora FMS
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views.
network
low complexity
pandorafms CWE-79
critical
9.0
2020-06-11 CVE-2020-13855 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
network
low complexity
pandorafms CWE-434
critical
9.0
2020-06-11 CVE-2020-13854 Improper Privilege Management vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows privilege escalation.
network
low complexity
pandorafms CWE-269
critical
10.0
2020-06-11 CVE-2020-13852 Unrestricted Upload of File with Dangerous Type vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
network
low complexity
pandorafms CWE-434
critical
9.0
2020-06-11 CVE-2020-13851 OS Command Injection vulnerability in Pandorafms Pandora FMS 7.44
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
network
low complexity
pandorafms CWE-78
critical
9.0