Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Pandora FMS — Vulnerabilities & Security Advisories 76

All 76 CVE vulnerabilities found in Pandora FMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: Artica PFMS

CVE IDTitleCVSSSeverityPublished
CVE-2023-44089 XSS in Visual Console CWE-79 6.1 Medium2023-12-29
CVE-2023-44088 SQL Injection in Visual Console CWE-89 5.9 Medium2023-12-29
CVE-2023-41815 XSS in File manager CWE-79 7.5 High2023-12-29
CVE-2023-41814 XSS Vulnerability Messages CWE-79 3.7 Low2023-12-29
CVE-2023-41813 User notification settings edition CWE-79 3.0 Low2023-12-29
CVE-2023-41812 Uploading executables via the file manager CWE-434 5.7 Medium2023-11-23
CVE-2023-41811 Stored XSS Via Site News Page CWE-79 5.3 Medium2023-11-23
CVE-2023-41810 Stored XSS Via Dashboard Panel CWE-79 4.0 Medium2023-11-23
CVE-2023-41808 Arbitrary File Read As Root Via GoTTY Page CWE-269 8.5 High2023-11-23
CVE-2023-41807 Linux Local Privilege Escalation Via GoTTY Page CWE-269 9.1 Critical2023-11-23
CVE-2023-41806 Misassignment of privileges can cause DOS attack CWE-269 8.2 High2023-11-23
CVE-2023-41792 Lack of Authorization and Stored XSS Via SNMP Trap Editor Page CWE-352 5.9 Medium2023-11-23
CVE-2023-41791 Lack of Authorization and Stored XSS Via Translation Abuse CWE-79 8.4 High2023-11-23
CVE-2023-41790 Traversal Path on PHP file CWE-427 7.6 High2023-11-23
CVE-2023-41789 Unauthenticated Admin Account Takeover Via XSS CWE-79 7.6 High2023-11-23
CVE-2023-41788 Remote Code Execution via File Uploader CWE-434 7.6 High2023-11-23
CVE-2023-41787 Arbitrary File Read CWE-427 6.0 Medium2023-11-23
CVE-2023-41786 Database backups availability by low-privileged users CWE-200 6.8 Medium2023-11-23
CVE-2023-4677 Unauthenticated Admin Account Takeover Via Cron Log File Backups CWE-287 7.0 High2023-11-23
CVE-2023-0828 Stored Cross Site Scripting in syslog section CWE-79 6.7 Medium2023-10-03
CVE-2023-24518 Disabling the administrator's account through cross-site request forgery CWE-352 6.7 Medium2023-10-03
CVE-2023-24517 Remote Code Execution via Unrestricted File Upload CWE-434 6.4 Medium2023-08-22
CVE-2023-24516 Stored Cross Site Scripting - Special Days Module CWE-79 5.9 Medium2023-08-22
CVE-2023-24514 Stored Cross Site Scripting Vulnerability in Visual Console Module CWE-79 6.3 Medium2023-08-22
CVE-2023-24515 Server side request forgery in api checker CWE-918 5.2 Medium2023-08-22
CVE-2023-2807 Authentication bypass in password reset process CWE-290 6.4 Medium2023-06-13
CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library CWE-352 6.4 Medium2023-02-15
CVE-2022-47372 Stored cross-site scripting vulnerability in create event section CWE-352 7.6 High2023-02-15
CVE-2022-45437 Stored cross-site scripting vulnerability in the reporting dashboard module CWE-79 6.5 Medium2023-02-15
CVE-2022-45436 Stored cross-site scripting vulnerability in network maps editor feature CWE-79 6.1 Medium2023-02-15

All 76 known CVE vulnerabilities affecting Pandora FMS with full Chinese analysis, references, and POCs where available.