Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Pandora FMS — Vulnerabilities & Security Advisories 71

All 71 CVE vulnerabilities found in Pandora FMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Artica PFMS

CVE IDTitleCVSSSeverityPublished
CVE-2023-41812 Uploading executables via the file manager CWE-434 5.7 Medium2023-11-23
CVE-2023-41811 Stored XSS Via Site News Page CWE-79 5.3 Medium2023-11-23
CVE-2023-41810 Stored XSS Via Dashboard Panel CWE-79 4.0 Medium2023-11-23
CVE-2023-41808 Arbitrary File Read As Root Via GoTTY Page CWE-269 8.5 High2023-11-23
CVE-2023-41807 Linux Local Privilege Escalation Via GoTTY Page CWE-269 9.1 Critical2023-11-23
CVE-2023-41806 Misassignment of privileges can cause DOS attack CWE-269 8.2 High2023-11-23
CVE-2023-41792 Lack of Authorization and Stored XSS Via SNMP Trap Editor Page CWE-352 5.9 Medium2023-11-23
CVE-2023-41791 Lack of Authorization and Stored XSS Via Translation Abuse CWE-79 8.4 High2023-11-23
CVE-2023-41790 Traversal Path on PHP file CWE-427 7.6 High2023-11-23
CVE-2023-41789 Unauthenticated Admin Account Takeover Via XSS CWE-79 7.6 High2023-11-23
CVE-2023-41788 Remote Code Execution via File Uploader CWE-434 7.6 High2023-11-23
CVE-2023-41787 Arbitrary File Read CWE-427 6.0 Medium2023-11-23
CVE-2023-41786 Database backups availability by low-privileged users CWE-200 6.8 Medium2023-11-23
CVE-2023-4677 Unauthenticated Admin Account Takeover Via Cron Log File Backups CWE-287 7.0 High2023-11-23
CVE-2023-0828 Stored Cross Site Scripting in syslog section CWE-79 6.7 Medium2023-10-03
CVE-2023-24518 Disabling the administrator's account through cross-site request forgery CWE-352 6.7 Medium2023-10-03
CVE-2023-24517 Remote Code Execution via Unrestricted File Upload CWE-434 6.4 Medium2023-08-22
CVE-2023-24516 Stored Cross Site Scripting - Special Days Module CWE-79 5.9 Medium2023-08-22
CVE-2023-24514 Stored Cross Site Scripting Vulnerability in Visual Console Module CWE-79 6.3 Medium2023-08-22
CVE-2023-24515 Server side request forgery in api checker CWE-918 5.2 Medium2023-08-22
CVE-2023-2807 Authentication bypass in password reset process CWE-290 6.4 Medium2023-06-13
CVE-2022-47372 Stored cross-site scripting vulnerability in create event section CWE-352 7.6 High2023-02-15
CVE-2022-45436 Stored cross-site scripting vulnerability in network maps editor feature CWE-79 6.1 Medium2023-02-15
CVE-2022-45437 Stored cross-site scripting vulnerability in the reporting dashboard module CWE-79 6.5 Medium2023-02-15
CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library CWE-352 6.4 Medium2023-02-15
CVE-2022-43980 Cross-site scripting vulnerability in the network maps edit functionality CWE-352 5.2 Medium2023-01-27
CVE-2022-43979 Path Traversal leading to Local File Inclusion CWE-434 5.9 Medium2023-01-27
CVE-2022-43978 Limited Authentication bypass due to hardcoded secret CWE-287 5.6 Medium2023-01-27
CVE-2021-46678 Vulnerability XSS in service form name field CWE-79 4.0 Medium2022-08-05
CVE-2021-46680 Vulnerability XSS in module form name field CWE-79 4.0 Medium2022-08-05

All 71 known CVE vulnerabilities affecting Pandora FMS with full Chinese analysis, references, and POCs where available.