CVE-2017-15935
https://notcve.org/view.php?id=CVE-2017-15935
Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file. Artica Pandora FMS 7.0 es vulnerable a la ejecución remota de código PHP mediante la función manager files. Esto solo es explotable por administradores que suban un archivo PHP. • https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2017-15937
https://notcve.org/view.php?id=CVE-2017-15937
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX). Artica Pandora FMS 7.0 fuga un nombre completo de ruta de instalación mediante datos GET cuando se intercepta la llamada a la gráfica de la página principal. Esto también implica la fuga de la información general del sistema operativo (por ejemplo, un nombre de ruta /var/www pathname suele indicar que es Linux o UNIX). • https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-15934
https://notcve.org/view.php?id=CVE-2017-15934
Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. Artica Pandora FMS 7.0 es vulnerable a Cross-Site Scripting (XSS) persistente en el parámetro map name. • https://medium.com/stolabs/security-issue-on-pandora-fms-enterprise-be630059a72d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •