CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36697
https://notcve.org/view.php?id=CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request. Con una cuenta de administrador, el fichero .htaccess en Artica Pandora FMS versiones anteriores a 755 incluyéndola, puede ser sobrescrito con el componente File Manager. El nuevo fichero .htaccess contiene una Regla de Reescritura con una definición de tipo. • http://artica.com http://pandora.com https://k4m1ll0.com/chained_exploit_htaccess.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-36698
https://notcve.org/view.php?id=CVE-2021-36698
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. Pandora FMS versiones hasta 755, permite un ataque de tipo XSS por medio de un nuevo Filtro de Eventos con un nombre diseñado • http://artica.com http://pandora.com https://k4m1ll0.com/chained_exploit_htaccess.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-34075
https://notcve.org/view.php?id=CVE-2021-34075
In Artica Pandora FMS <=754 in the File Manager component, there is sensitive information exposed on the client side which attackers can access. En Artica Pandora FMS versiones anteriores a 754 incluyéndola, en el componente File Manager, presenta información confidencial expuesta en el lado del cliente a la que los atacantes pueden acceder • https://k4m1ll0.com/cve-2021-34075.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2021-32098
https://notcve.org/view.php?id=CVE-2021-32098
Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization. Artica Pandora FMS 742, permite a atacantes no autenticados llevar a cabo una deserialización Phar • https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained https://pandorafms.com/blog/whats-new-in-pandora-fms-743 https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 5CVE-2021-32099
https://notcve.org/view.php?id=CVE-2021-32099
A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chart_generator.php session_id parameter, leading to a login bypass. Una vulnerabilidad de inyección SQL en el componente pandora_console de Artica Pandora FMS, permite a un atacante no autenticado actualizar su sesión sin privilegios por medio del parámetro session_id en el archivo /include/chart_generator.php, conllevando a un desvío de inicio de sesión • https://github.com/ibnuuby/CVE-2021-32099 https://github.com/zjicmDarkWing/CVE-2021-32099 https://github.com/akr3ch/CVE-2021-32099 https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained https://pandorafms.com/blog/whats-new-in-pandora-fms-743 https://portswigger.net/daily-swig/multiple-vulnerabilities-in-pandora-fms-could-trigger-remote-execution-attack • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •