Artica Pandora_fms
15 CVEs affecting Artica Pandora_fms. Latest disclosed: 2026-05-12. Critical: 2, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-34187 | Critical | 9.8 | 2026-05-12 | Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via graph container parameter. This issue affects Pandora… |
CVE-2026-30805 | Critical | 9.1 | 2026-05-12 | Insecure Default Initialization of Resource vulnerability allows Authentication Bypass via API access. This issue affects Pandora FMS: from 777 through 800 |
CVE-2026-30810 | High | 8.8 | 2026-05-12 | Server-Side Request Forgery vulnerability allows Privilege Escalation via API Checker extension. This issue affects Pandora FMS: from 777 through 800 |
CVE-2026-30807 | High | 8.8 | 2026-05-12 | Cross-Site Request Forgery vulnerability allows an attacker to perform unauthorized actions via crafted web page. This issue affects Pandora FMS: from 777 thro… |
CVE-2026-30808 | High | 8.1 | 2026-05-12 | Session Fixation vulnerability allows Session Hijacking via crafted session ID. This issue affects Pandora FMS: from 777 through 800 |
CVE-2017-15935 | High | 7.2 | 2017-10-27 | Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who up… |
CVE-2017-15937 | Medium | 6.5 | 2017-10-27 | Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that gene… |
CVE-2017-15936 | Medium | 5.4 | 2017-10-27 | In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, th… |
CVE-2017-15934 | Medium | 5.4 | 2017-10-27 | Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. |
CVE-2010-4283 | | 2010-12-02 | PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL… | |
CVE-2010-4282 | | 2010-12-02 | Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page p… | |
CVE-2010-4281 | | 2010-12-02 | Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP… | |
CVE-2010-4280 | | 2010-12-02 | Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group para… | |
CVE-2010-4279 | | 2010-12-02 | The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authent… | |
CVE-2010-4278 | | 2010-12-02 | operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the la… |