artica pandora fms

115 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34187
< 777.17
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container paramete
9.8 CRITICAL
CVE-2026-30810
< 777.17
Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: f
8.8 HIGH
CVE-2026-30808
< 777.17
Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 8
8.1 HIGH
CVE-2026-30807
< 777.17
Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affec
8.8 HIGH
CVE-2026-30805
< 777.17
Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora
9.1 CRITICAL
CVE-2026-34188
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response exe
7.2 HIGH
CVE-2026-34186
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issu
8.8 HIGH
CVE-2026-30813
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issu
8.8 HIGH
CVE-2026-30812
>= 777 and < 800.1
Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. T
5.4 MEDIUM
CVE-2026-30811
>= 777 and < 800.1
Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandor
6.5 MEDIUM
CVE-2026-30809
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDeb
8.8 HIGH
CVE-2026-30806
>= 777 and < 800.1
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. Th
8.8 HIGH
CVE-2026-30804
>= 777 and < 800.1
Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pan
7.2 HIGH
CVE-2025-34088
<= 7.0_ng
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functional
8.8 HIGH
CVE-2025-5306
>= 774 and <= 778
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pand
9.8 CRITICAL
CVE-2024-12992
>= 700 and < 777.8
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affe
9.8 CRITICAL
CVE-2024-12971
>= 700 and < 777.8
Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection. This issue affects Pandora
8.8 HIGH
CVE-2024-11320
>= 700 and < 777.5
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. T
9.8 CRITICAL
CVE-2024-9987
>= 700 and <= 777.3
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality.
8.8 HIGH
CVE-2024-35308
>= 700 and < 777.3
A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue a
8.8 HIGH
CVE-2024-35307
>= 700 and < 777
Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute ar
9.8 CRITICAL
CVE-2024-35306
>= 700 and < 777
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue af
9.8 CRITICAL
CVE-2024-35305
>= 700 and < 777
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from
9.8 CRITICAL
CVE-2024-35304
>= 700 and < 777
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary syste
9.8 CRITICAL
CVE-2023-44092
>= 700 and < 776
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all
7.6 HIGH
CVE-2023-44091
>= 700 and < 776
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQ
7.5 HIGH
CVE-2023-44090
>= 700 and < 776
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CV
6.8 MEDIUM
CVE-2023-41793
>= 700 and < 776
Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and c
6.7 MEDIUM
CVE-2023-44089
>= 700 and <= 774
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
6.1 MEDIUM
CVE-2023-44088
>= 700 and <= 774
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQ
5.9 MEDIUM
CVE-2023-41815
>= 700 and <= 774
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
7.5 HIGH
CVE-2023-41814
>= 700 and <= 774
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
3.7 LOW
CVE-2023-41813
>= 700 and <= 774
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
3.0 LOW
CVE-2023-4677
>= 700 and < 773
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to s
7.0 HIGH
CVE-2023-41812
>= 700 and < 774
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Co
5.7 MEDIUM
CVE-2023-41811
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
5.3 MEDIUM
CVE-2023-41810
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
4.0 MEDIUM
CVE-2023-41808
>= 700 and <= 773
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauth
8.5 HIGH
CVE-2023-41807
>= 700 and <= 773
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows a user to
9.1 CRITICAL
CVE-2023-41806
>= 700 and <= 773
Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability causes that a ba
8.2 HIGH
CVE-2023-41792
>= 700 and <= 773
Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). This vulnerability allowe
5.9 MEDIUM
CVE-2023-41791
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
8.4 HIGH
CVE-2023-41790
>= 700 and <= 773
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Path
7.6 HIGH
CVE-2023-41789
>= 700 and <= 773
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cr
7.6 HIGH
CVE-2023-41788
>= 700 and < 774
Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Co
7.6 HIGH
CVE-2023-41787
>= 700 and < 773
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Path
6.0 MEDIUM
CVE-2023-41786
>= 700 and < 773
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnera
6.8 MEDIUM
CVE-2023-24518
<= 767
A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request
6.7 MEDIUM
CVE-2023-0828
<= 767
Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be
6.7 MEDIUM
CVE-2023-24517
<= 767
Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to mak
6.4 MEDIUM
CVE-2023-24516
<= 767
Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the sess
5.9 MEDIUM
CVE-2023-24515
<= 767
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL schem
5.2 MEDIUM
CVE-2023-24514
<= 767
Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cooki
6.3 MEDIUM
CVE-2023-2807
< 772
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to
6.4 MEDIUM
CVE-2022-47373
<= 766
Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability
6.4 MEDIUM
CVE-2022-47372
<= 766
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically
7.6 HIGH
CVE-2022-45437
all versions
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765
6.5 MEDIUM
CVE-2022-45436
all versions
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765
6.1 MEDIUM
CVE-2022-43980
< 766
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker co
5.2 MEDIUM
CVE-2022-43979
< 766
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the paramet
5.9 MEDIUM
CVE-2022-43978
< 766
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session
5.6 MEDIUM
CVE-2021-46681
< 757
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via
4.0 MEDIUM
CVE-2021-46680
<= 756
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via
4.0 MEDIUM
CVE-2021-46679
< 757
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via
4.0 MEDIUM
CVE-2021-46678
< 757
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via
4.0 MEDIUM
CVE-2021-46677
< 757
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via
4.0 MEDIUM
CVE-2021-46676
< 757
An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to perform JavaScript code execution via
4.0 MEDIUM
CVE-2022-26310
<= 7.0_ng_760
Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to t
7.3 HIGH
CVE-2022-26309
<= 7.0_ng_759
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to
3.7 LOW
CVE-2022-26308
<= 7.0_ng_760
Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role
3.7 LOW
CVE-2022-1648
<= 7.0_ng_760
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file
5.7 MEDIUM
CVE-2022-2059
<= 7.0_ng_761
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scrip
3.5 LOW
CVE-2022-2032
<= 7.0_ng_761
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scrip
3.5 LOW
CVE-2022-0507
< 760
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, u
5.8 MEDIUM
CVE-2021-36698
<= 755
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
5.4 MEDIUM
CVE-2021-36697
<= 755
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new
6.7 MEDIUM
CVE-2021-34075
<= 754
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attacke
5.9 MEDIUM
CVE-2021-35501
<= 754
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator vi
5.4 MEDIUM
CVE-2021-34074
<= 754
PandoraFMS <=7.54 allows arbitrary file upload, leading to remote command execution via the File Manager. To bypass the built-i
9.8 CRITICAL
CVE-2021-32100
all versions
A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest privileged user.
6.5 MEDIUM
CVE-2021-32099
all versions
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upg
9.8 CRITICAL
CVE-2021-32098
all versions
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.
9.8 CRITICAL
CVE-2020-26518
< 743
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/ch
9.8 CRITICAL
CVE-2020-11749
>= 7.0_ng and <= 746
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a
9.0 CRITICAL
CVE-2020-13855
all versions
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature
7.2 HIGH
CVE-2020-13854
all versions
Artica Pandora FMS 7.44 allows privilege escalation.
9.8 CRITICAL
CVE-2020-13853
all versions
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.
5.4 MEDIUM
CVE-2020-13852
all versions
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
7.2 HIGH
CVE-2020-13851
all versions
Artica Pandora FMS 7.44 allows remote command execution via the events feature.
8.8 HIGH
CVE-2020-13850
all versions
Artica Pandora FMS 7.44 has inadequate access controls on a web folder.
7.5 HIGH
CVE-2020-8511
<= 7.42
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository co
7.2 HIGH
CVE-2020-7935
<= 7.42
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dang
7.2 HIGH
CVE-2020-8497
<= 7.42
In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it conta
5.3 MEDIUM
CVE-2020-5844
all versions
index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload m
7.2 HIGH
CVE-2020-8500
all versions
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension compo
7.2 HIGH
CVE-2020-8947
all versions
functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters
7.2 HIGH
CVE-2019-19968
all versions
PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder compon
5.4 MEDIUM
CVE-2019-20050
all versions
Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerability. To exploit the vulnerability, an authenticated user shoul
6.8 MEDIUM
CVE-2019-20224
all versions
netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands
8.8 HIGH
CVE-2019-19681
all versions
Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it i
8.8 HIGH
CVE-2019-13035
< 7.0_ng_735
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its
7.8 HIGH
CVE-2018-11223
< 7.0_ng_723
XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pan
5.4 MEDIUM
CVE-2018-11222
<= 7.23
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_con
7.5 HIGH
CVE-2018-11221
<= 7.23
Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin
9.8 CRITICAL
CVE-2017-15937
all versions
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition
6.5 MEDIUM
CVE-2017-15936
all versions
In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters t
5.4 MEDIUM
CVE-2017-15935
all versions
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploit
7.2 HIGH
CVE-2017-15934
all versions
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter.
5.4 MEDIUM
CVE-2014-8629
<= 5.1
Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attacke
CVE-2010-4283
<= 3.1
PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute
CVE-2010-4282
<= 3.1
Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary l
CVE-2010-4281
<= 3.1
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attac
CVE-2010-4280
<= 3.1
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL comma
CVE-2010-4279
<= 3.1
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remot
CVE-2010-4278
<= 3.1
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via s
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin