CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2020-26518
https://notcve.org/view.php?id=CVE-2020-26518
02 Oct 2020 — Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. Artica Pandora FMS versiones anteriores a 743, permite a atacantes no autenticados conducir ataques de inyección SQL por medio del parámetro session_id del archivo pandora_console/include/chart_generator.php • https://blog.sonarsource.com/pandora-fms-742-critical-code-vulnerabilities-explained • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 5%CPEs: 1EXPL: 2CVE-2020-11749 – PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11749
13 Jul 2020 — Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2. Pandora FMS versiones 7.0 NG anteriores a 746 incluyéndola, sufre de múltiples vulnerabilidades de tipo XSS en diferentes vistas del navegador. Un administrador de red que escanea un dispositivo SNMP puede desencadenar un ataque de tipo Cross Site... • https://www.exploit-db.com/exploits/48707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 91%CPEs: 1EXPL: 4CVE-2020-13851 – Pandora FMS 7.0 NG 7XX Remote Command Execution
https://notcve.org/view.php?id=CVE-2020-13851
11 Jun 2020 — Artica Pandora FMS 7.44 allows remote command execution via the events feature. Artica Pandora FMS versión 7.44, permite una ejecución de comandos remota por medio de la funcionalidad events • https://packetstorm.news/files/id/158390 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 40%CPEs: 1EXPL: 1CVE-2020-13852
https://notcve.org/view.php?id=CVE-2020-13852
11 Jun 2020 — Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. Artica Pandora FMS versión 7.44, permite una carga arbitraria de archivos (lo que conlleva a una ejecución de comandos remota) por medio de la funcionalidad File Manager • https://www.coresecurity.com/advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13853
https://notcve.org/view.php?id=CVE-2020-13853
11 Jun 2020 — Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. Artica Pandora FMS versión 7.44, presenta una vulnerabilidad de tipo XSS persistente en la funcionalidad Messages • https://www.coresecurity.com/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13854
https://notcve.org/view.php?id=CVE-2020-13854
11 Jun 2020 — Artica Pandora FMS 7.44 allows privilege escalation. Artica Pandora FMS versión 7.44, permite una escalada de privilegios • https://www.coresecurity.com/advisories • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 40%CPEs: 1EXPL: 1CVE-2020-13855
https://notcve.org/view.php?id=CVE-2020-13855
11 Jun 2020 — Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. Artica Pandora FMS versión 7.44, permite una carga de archivos arbitraria (lo que conlleva a una ejecución de comandos remota) por medio de la funcionalidad File Repository Manager • https://www.coresecurity.com/advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13850
https://notcve.org/view.php?id=CVE-2020-13850
11 Jun 2020 — Artica Pandora FMS 7.44 has inadequate access controls on a web folder. Artica Pandora FMS versión 7.44, posee controles de acceso inadecuados en una carpeta web • https://www.coresecurity.com/advisories • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8511
https://notcve.org/view.php?id=CVE-2020-8511
23 Mar 2020 — In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. En Artica Pandora FMS versiones hasta 7.42, usuarios de Web Admin pueden ejecutar código arbitrario cargando un archivo .php por medio del componente File Repository, un problema diferente de CVE-2020-7935 y CVE-2020-8500. • https://k4m1ll0.com/cve-2020-8511.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7935
https://notcve.org/view.php?id=CVE-2020-7935
23 Mar 2020 — Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path is known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. Artica Pandora FMS versiones hasta 7.42, e... • https://k4m1ll0.com/cve-2020-7935.html • CWE-434: Unrestricted Upload of File with Dangerous Type •