Artica: >> Pandora Fms >> 743 Security Vulnerabilities
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
CVSS Score
6.7
EPSS Score
0.002
Published
2021-11-03
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-11-03
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
CVSS Score
5.9
EPSS Score
0.004
Published
2021-06-30
Page 4