9 results (0.006 seconds)

CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0

A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777. • https://pandorafms.com/en/security/common-vulnerabilities-and-exposures • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •