Pandorafms: Security Vulnerabilities
Artica Pandora FMS 7.44 allows privilege escalation.
CVSS Score
9.8
EPSS Score
0.003
Published
2020-06-11
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
CVSS Score
7.2
EPSS Score
0.374
Published
2020-06-11
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
CVSS Score
7.5
EPSS Score
0.008
Published
2020-06-11
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-04
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-06-29
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.
CVSS Score
5.4
EPSS Score
0.004
Published
2018-06-16
Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.
CVSS Score
4.3
EPSS Score
0.004
Published
2014-11-19
Page 5