CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13853
https://notcve.org/view.php?id=CVE-2020-13853
Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. Artica Pandora FMS versión 7.44, presenta una vulnerabilidad de tipo XSS persistente en la funcionalidad Messages • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13854
https://notcve.org/view.php?id=CVE-2020-13854
Artica Pandora FMS 7.44 allows privilege escalation. Artica Pandora FMS versión 7.44, permite una escalada de privilegios • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 90%CPEs: 1EXPL: 1CVE-2020-13855
https://notcve.org/view.php?id=CVE-2020-13855
Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. Artica Pandora FMS versión 7.44, permite una carga de archivos arbitraria (lo que conlleva a una ejecución de comandos remota) por medio de la funcionalidad File Repository Manager • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13850
https://notcve.org/view.php?id=CVE-2020-13850
Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Artica Pandora FMS versión 7.44, posee controles de acceso inadecuados en una carpeta web • https://www.coresecurity.com/advisories https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8511
https://notcve.org/view.php?id=CVE-2020-8511
In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. En Artica Pandora FMS versiones hasta 7.42, usuarios de Web Admin pueden ejecutar código arbitrario cargando un archivo .php por medio del componente File Repository, un problema diferente de CVE-2020-7935 y CVE-2020-8500. • https://k4m1ll0.com/cve-2020-8511.html • CWE-434: Unrestricted Upload of File with Dangerous Type •