Shodan
Vulnerabilities
Vulnerable Software
Artica:  >> Pandora Fms  >> 4.0  Security Vulnerabilities
CVE-2026-34187
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora FMS: from 777 through 800
CVSS Score
7.6
EPSS Score
0.0
Published
2026-05-12
CVE-2026-30810
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800
CVSS Score
7.1
EPSS Score
0.0
Published
2026-05-12
CVE-2026-30805
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800
CVSS Score
9.1
EPSS Score
0.0
Published
2026-05-12
CVE-2026-30807
Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 through 800
CVSS Score
7.1
EPSS Score
0.0
Published
2026-05-12
CVE-2026-30808
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800
CVSS Score
7.6
EPSS Score
0.0
Published
2026-05-12
CVE-2021-46681
A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field.
CVSS Score
4.0
EPSS Score
0.003
Published
2022-08-05
CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
CVSS Score
6.7
EPSS Score
0.002
Published
2021-11-03
CVE-2021-36698
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-11-03
CVE-2021-34075
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access.
CVSS Score
5.9
EPSS Score
0.004
Published
2021-06-30
CVE-2020-26518
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
CVSS Score
9.8
EPSS Score
0.031
Published
2020-10-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved