Pandorafms
by Artica
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-13851 | Hig | 0.67 | 8.8 | 0.91 | Jun 11, 2020 | Artica Pandora FMS 7.44 allows remote command execution via the events feature. | ||
| CVE-2021-32099 | Cri | 0.65 | 9.8 | 0.11 | May 7, 2021 | A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. | ||
| CVE-2021-32098 | Cri | 0.64 | 9.8 | 0.02 | May 7, 2021 | Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. | ||
| CVE-2020-26518 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2020 | Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. | ||
| CVE-2020-13854 | Cri | 0.64 | 9.8 | 0.03 | Jun 11, 2020 | Artica Pandora FMS 7.44 allows privilege escalation. | ||
| CVE-2018-11221 | Cri | 0.64 | 9.8 | 0.05 | Jun 16, 2018 | Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | ||
| CVE-2025-34088 | Hig | 0.61 | 8.8 | 0.05 | Jul 3, 2025 | An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as… | ||
| CVE-2026-30805 | Cri | 0.59 | 9.1 | 0.00 | May 12, 2026 | Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-30810 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-30807 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-34186 | Hig | 0.57 | 8.8 | 0.00 | Apr 13, 2026 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-30813 | Hig | 0.57 | 8.8 | 0.00 | Apr 13, 2026 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-30809 | Hig | 0.57 | 8.8 | 0.01 | Apr 13, 2026 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-30806 | Hig | 0.57 | 8.8 | 0.01 | Apr 13, 2026 | Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2026-30808 | Hig | 0.53 | 8.1 | 0.00 | May 12, 2026 | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 | ||
| CVE-2020-8947 | Hig | 0.52 | 7.2 | 0.22 | Feb 12, 2020 | functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224. | ||
| CVE-2019-13035 | Hig | 0.51 | 7.8 | 0.00 | Jun 29, 2019 | Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the… | ||
| CVE-2020-13855 | Hig | 0.49 | 7.2 | 0.28 | Jun 11, 2020 | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | ||
| CVE-2020-13852 | Hig | 0.49 | 7.2 | 0.28 | Jun 11, 2020 | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | ||
| CVE-2020-13850 | Hig | 0.49 | 7.5 | 0.02 | Jun 11, 2020 | Artica Pandora FMS 7.44 has inadequate access controls on a web folder. |
- risk 0.67cvss 8.8epss 0.91
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
- risk 0.65cvss 9.8epss 0.11
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.
- risk 0.64cvss 9.8epss 0.02
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
- risk 0.64cvss 9.8epss 0.02
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
- risk 0.64cvss 9.8epss 0.03
Artica Pandora FMS 7.44 allows privilege escalation.
- risk 0.64cvss 9.8epss 0.05
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
- risk 0.61cvss 8.8epss 0.05
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as…
- risk 0.59cvss 9.1epss 0.00
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800
- risk 0.57cvss 8.8epss 0.00
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
- risk 0.57cvss 8.8epss 0.00
Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800
- risk 0.57cvss 8.8epss 0.00
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800
- risk 0.57cvss 8.8epss 0.00
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800
- risk 0.57cvss 8.8epss 0.01
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800
- risk 0.57cvss 8.8epss 0.01
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800
- risk 0.53cvss 8.1epss 0.00
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800
- risk 0.52cvss 7.2epss 0.22
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.
- risk 0.51cvss 7.8epss 0.00
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the…
- risk 0.49cvss 7.2epss 0.28
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
- risk 0.49cvss 7.2epss 0.28
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
- risk 0.49cvss 7.5epss 0.02
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
Page 1 of 3