Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Pandora FMS — Vulnerabilities & Security Advisories 71

All 71 CVE vulnerabilities found in Pandora FMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Artica PFMS

CVE IDTitleCVSSSeverityPublished
CVE-2026-34188 OS Command Injection in Event Response Execution CWE-78 9.8 -2026-04-13
CVE-2026-34186 SQL Injection in Custom Fields leads to Database Compromise CWE-89 9.8 -2026-04-13
CVE-2026-30813 SQL Injection in Module Search leads to Database Compromise CWE-89 9.8 -2026-04-13
CVE-2026-30812 Stored Cross-Site Scripting in Event Comments via Filter Bypass CWE-79 6.1 -2026-04-13
CVE-2026-30811 Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure CWE-276 7.5 -2026-04-13
CVE-2026-30809 OS Command Injection in WebServerModuleDebug via Blacklist Bypass leads to Remote Code Execution CWE-78 9.8 -2026-04-13
CVE-2026-30806 OS Command Injection in Network Report leads to Remote Code Execution CWE-78 9.8 -2026-04-13
CVE-2026-30804 Unrestricted File Upload in Extension Uploader leads to Remote Code Execution CWE-434 9.8 -2026-04-13
CVE-2014-125124 Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection CWE-78 9.8AICriticalAI2025-07-31
CVE-2014-125115 Pandora FMS ≤ 5.0 SP2 Default Credential SQL Injection RCE CWE-798 9.8 -2025-07-25
CVE-2025-34088 Pandora FMS Authenticated Remote Code Execution via Ping Module CWE-78 8.8AIHighAI2025-07-03
CVE-2025-5306 Command Injection in Netflow path CWE-77 9.8AICriticalAI2025-06-27
CVE-2024-12992 Remote Code Execution leads to Command Injection CWE-77 9.8 -2025-03-17
CVE-2024-12971 QuickShell Authenticated Command Injection CWE-77 9.8 -2025-03-17
CVE-2024-11320 Command Injection leading to RCE via LDAP Misconfiguration CWE-77 9.8AICriticalAI2024-11-21
CVE-2024-35308 Post-auth Arbitrary File Read in the Server Plugins Section CWE-22 6.5AIMediumAI2024-10-22
CVE-2024-9987 SQL Injection in CSV Module Data Collection CWE-89 8.8AIHighAI2024-10-22
CVE-2024-35307 Argument Injection Leading to Remote Code Execution in Realtime Graph Extension CWE-88 9.8 -2024-06-10
CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request CWE-78 9.8 -2024-06-10
CVE-2024-35305 Unauth Time-Based SQL Injection via API CWE-89 9.8 -2024-06-10
CVE-2024-35304 System command injection through Netflow function CWE-78 9.8 -2024-06-10
CVE-2023-41793 Path Traversal and Untrusted Upload File CWE-35 6.7 Medium2024-03-19
CVE-2023-44092 OS Command Injection CWE-78 7.6 High2024-03-19
CVE-2023-44091 Unauth Time-Based SQL Injection CWE-89 7.5 High2024-03-19
CVE-2023-44090 UnautH SQL Injection CWE-89 6.8 Medium2024-03-19
CVE-2023-44089 XSS in Visual Console CWE-79 6.1 Medium2023-12-29
CVE-2023-44088 SQL Injection in Visual Console CWE-89 5.9 Medium2023-12-29
CVE-2023-41815 XSS in File manager CWE-79 7.5 High2023-12-29
CVE-2023-41814 XSS Vulnerability Messages CWE-79 3.7 Low2023-12-29
CVE-2023-41813 User notification settings edition CWE-79 3.0 Low2023-12-29

All 71 known CVE vulnerabilities affecting Pandora FMS with full Chinese analysis, references, and POCs where available.