Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pandora_fms
(Pandorafms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 45 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-06-11 | CVE-2020-13853 | Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. | Pandora_fms | 5.4 | ||
| 2020-06-11 | CVE-2020-13854 | Artica Pandora FMS 7.44 allows privilege escalation. | Pandora_fms | 9.8 | ||
| 2020-06-11 | CVE-2020-13855 | Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | Pandora_fms | 7.2 | ||
| 2021-06-25 | CVE-2021-34074 | PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests. | Pandora_fms | 9.8 | ||
| 2021-06-25 | CVE-2021-35501 | PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | Pandora_fms | 5.4 | ||
| 2022-03-10 | CVE-2022-0507 | Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL. | Pandora_fms | 8.8 | ||
| 2022-07-25 | CVE-2022-2032 | In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | Pandora_fms | 4.8 | ||
| 2022-07-25 | CVE-2022-2059 | In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system. | Pandora_fms | 4.8 | ||
| 2022-07-26 | CVE-2022-1648 | Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege. | Pandora_fms | 7.2 | ||
| 2022-08-01 | CVE-2022-26308 | Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role. | Pandora_fms | 5.4 |