VYPR

Pandorafms

by Artica

CVEs (46)

  • CVE-2020-13851HigJun 11, 2020
    risk 0.67cvss 8.8epss 0.91

    Artica Pandora FMS 7.44 allows remote command execution via the events feature.

  • CVE-2021-32099CriMay 7, 2021
    risk 0.65cvss 9.8epss 0.11

    A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass.

  • CVE-2021-32098CriMay 7, 2021
    risk 0.64cvss 9.8epss 0.02

    Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.

  • CVE-2020-26518CriOct 2, 2020
    risk 0.64cvss 9.8epss 0.02

    Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.

  • CVE-2020-13854CriJun 11, 2020
    risk 0.64cvss 9.8epss 0.03

    Artica Pandora FMS 7.44 allows privilege escalation.

  • CVE-2018-11221CriJun 16, 2018
    risk 0.64cvss 9.8epss 0.05

    Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.

  • CVE-2025-34088HigJul 3, 2025
    risk 0.61cvss 8.8epss 0.05

    An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as…

  • CVE-2026-30805CriMay 12, 2026
    risk 0.59cvss 9.1epss 0.00

    Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30810HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30807HigMay 12, 2026
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-34186HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30813HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30809HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30806HigApr 13, 2026
    risk 0.57cvss 8.8epss 0.01

    Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800

  • CVE-2026-30808HigMay 12, 2026
    risk 0.53cvss 8.1epss 0.00

    Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800

  • CVE-2020-8947HigFeb 12, 2020
    risk 0.52cvss 7.2epss 0.22

    functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the index.php?operation/netflow/nf_live_view ip_dst, dst_port, or src_port parameter, a different vulnerability than CVE-2019-20224.

  • CVE-2019-13035HigJun 29, 2019
    risk 0.51cvss 7.8epss 0.00

    Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the…

  • CVE-2020-13855HigJun 11, 2020
    risk 0.49cvss 7.2epss 0.28

    Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.

  • CVE-2020-13852HigJun 11, 2020
    risk 0.49cvss 7.2epss 0.28

    Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.

  • CVE-2020-13850HigJun 11, 2020
    risk 0.49cvss 7.5epss 0.02

    Artica Pandora FMS 7.44 has inadequate access controls on a web folder.

Page 1 of 3