CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 2CVE-2020-13851 – Pandora FMS 7.0 NG 7XX Remote Command Execution
https://notcve.org/view.php?id=CVE-2020-13851
Artica Pandora FMS 7.44 allows remote command execution via the events feature. Artica Pandora FMS versión 7.44, permite una ejecución de comandos remota por medio de la funcionalidad events • http://packetstormsecurity.com/files/158390/Pandora-FMS-7.0-NG-7XX-Remote-Command-Execution.html https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 90%CPEs: 1EXPL: 1CVE-2020-13852
https://notcve.org/view.php?id=CVE-2020-13852
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. Artica Pandora FMS versión 7.44, permite una carga arbitraria de archivos (lo que conlleva a una ejecución de comandos remota) por medio de la funcionalidad File Manager • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13853
https://notcve.org/view.php?id=CVE-2020-13853
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. Artica Pandora FMS versión 7.44, presenta una vulnerabilidad de tipo XSS persistente en la funcionalidad Messages • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13854
https://notcve.org/view.php?id=CVE-2020-13854
Artica Pandora FMS 7.44 allows privilege escalation. Artica Pandora FMS versión 7.44, permite una escalada de privilegios • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 90%CPEs: 1EXPL: 1CVE-2020-13855
https://notcve.org/view.php?id=CVE-2020-13855
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. Artica Pandora FMS versión 7.44, permite una carga de archivos arbitraria (lo que conlleva a una ejecución de comandos remota) por medio de la funcionalidad File Repository Manager • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •