Pandorafms: Security Vulnerabilities
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.
CVSS Score
5.7
EPSS Score
0.01
Published
2022-07-26
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-07-25
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-07-25
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL.
CVSS Score
5.8
EPSS Score
0.001
Published
2022-03-10
PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests.
CVSS Score
9.8
EPSS Score
0.036
Published
2021-06-25
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-06-25
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
CVSS Score
9.0
EPSS Score
0.056
Published
2020-07-13
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
CVSS Score
8.8
EPSS Score
0.918
Published
2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
CVSS Score
7.2
EPSS Score
0.374
Published
2020-06-11
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-06-11