Artica: >> Pandora Fms >> 700 Security Vulnerabilities
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
CVSS Score
6.7
EPSS Score
0.002
Published
2021-11-03
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-11-03
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
CVSS Score
5.9
EPSS Score
0.004
Published
2021-06-30
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
CVSS Score
9.8
EPSS Score
0.031
Published
2020-10-02
Page 4