Pandorafms: >> Pandora Fms >> 7.44 Security Vulnerabilities
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
CVSS Score
9.0
EPSS Score
0.049
Published
2020-07-13
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
CVSS Score
8.8
EPSS Score
0.914
Published
2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
CVSS Score
7.2
EPSS Score
0.374
Published
2020-06-11
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-11
Artica Pandora FMS 7.44 allows privilege escalation.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
CVSS Score
7.2
EPSS Score
0.374
Published
2020-06-11
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-06-11
Page 3