Vulnerability Details CVE-2018-11221
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.168
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-11221
-
cpe:2.3:a:artica:pandora_fms:1.2
-
cpe:2.3:a:artica:pandora_fms:1.3
-
cpe:2.3:a:artica:pandora_fms:1.4
-
cpe:2.3:a:artica:pandora_fms:2.0
-
cpe:2.3:a:artica:pandora_fms:2.1
-
cpe:2.3:a:artica:pandora_fms:3.0
-
cpe:2.3:a:artica:pandora_fms:3.1
-
cpe:2.3:a:artica:pandora_fms:3.2
-
cpe:2.3:a:artica:pandora_fms:4.0
-
cpe:2.3:a:artica:pandora_fms:5.0
-
cpe:2.3:a:artica:pandora_fms:5.1
-
cpe:2.3:a:artica:pandora_fms:6.0
-
cpe:2.3:a:artica:pandora_fms:7.0
-
cpe:2.3:a:artica:pandora_fms:7.0_ng