Pandorafms Pandora Fms — known CVE vulnerabilities
Every CVE whose affected-product data names Pandorafms Pandora Fms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2024-11320 — CVSS 9.8 (critical): Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue…
CVE-2021-34074 — CVSS 9.8 (critical): PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in…
CVE-2020-11749 — CVSS 9.0 (critical): Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP…
CVE-2024-35308 — CVSS 8.8 (high): A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects…
CVE-2025-34088 — CVSS 8.8 (high): An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality…
CVE-2024-9987 — CVSS 8.8 (high): A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This…
CVE-2019-13035 — CVSS 7.8 (high): Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its…
CVE-2022-47372 — CVSS 7.6 (high): Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits…
CVE-2023-41815 — CVSS 7.5 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site…
CVE-2022-26310 — CVSS 7.3 (high): Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User…
CVE-2020-13855 — CVSS 7.2 (high): Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.
CVE-2020-13852 — CVSS 7.2 (high): Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.
CVE-2023-24518 — CVSS 6.7 (medium): A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web…
CVE-2023-0828 — CVSS 6.7 (medium): Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be…
CVE-2022-45437 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all…
CVE-2022-47373 — CVSS 6.4 (medium): Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises…
CVE-2023-2807 — CVSS 6.4 (medium): Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate…
CVE-2023-24517 — CVSS 6.4 (medium): Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make…
CVE-2023-24514 — CVSS 6.3 (medium): Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values…
CVE-2022-45436 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all…
CVE-2023-44089 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site…
CVE-2022-43979 — CVSS 5.9 (medium): There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that…
CVE-2023-24516 — CVSS 5.9 (medium): Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie…
CVE-2023-44088 — CVSS 5.9 (medium): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL…
CVE-2022-0507 — CVSS 5.8 (medium): Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM…
CVE-2022-1648 — CVSS 5.7 (medium): Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside…
CVE-2022-43978 — CVSS 5.6 (medium): There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he…
CVE-2021-35501 — CVSS 5.4 (medium): PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the…
CVE-2019-19968 — CVSS 5.4 (medium): PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An…
CVE-2023-24515 — CVSS 5.2 (medium): Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used…
CVE-2022-43980 — CVSS 5.2 (medium): There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could…
CVE-2021-46679 — CVSS 4.0 (medium): A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service…
CVE-2021-46680 — CVSS 4.0 (medium): A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the…
CVE-2021-46678 — CVSS 4.0 (medium): A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the…
CVE-2021-46677 — CVSS 4.0 (medium): A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event…
CVE-2021-46676 — CVSS 4.0 (medium): A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the…
CVE-2022-26309 — CVSS 3.7 (low): Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to…
CVE-2023-41814 — CVSS 3.7 (low): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site…
CVE-2022-26308 — CVSS 3.7 (low): Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of…
CVE-2022-2059 — CVSS 3.5 (low): In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting…
CVE-2022-2032 — CVSS 3.5 (low): In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting…
CVE-2023-41813 — CVSS 3.0 (low): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site…