Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Artica PFMS — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting Artica PFMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Artica PFMS is a French-based platform management system designed to simplify the administration of complex IT infrastructures, particularly for hosting providers and data centers. It centralizes the configuration of web servers, mail services, and databases, allowing administrators to manage multiple services through a unified interface. Security audits have identified twenty-seven Common Vulnerabilities and Exposures (CVEs) associated with the software, highlighting significant historical weaknesses. These vulnerabilities predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and improper access controls in older versions. While recent updates have addressed many critical issues, the product’s past incident history underscores the risks inherent in its complex architecture. Users are advised to maintain strict patch management protocols to mitigate exposure to known exploit vectors within the platform’s diverse service modules.

Top products by Artica PFMS: Pandora FMS
CVE IDTitleCVSSSeverityPublished
CVE-2023-0828 Stored Cross Site Scripting in syslog section — Pandora FMSCWE-79 6.7 Medium2023-10-03
CVE-2023-24518 Disabling the administrator's account through cross-site request forgery — Pandora FMSCWE-352 6.7 Medium2023-10-03
CVE-2023-24517 Remote Code Execution via Unrestricted File Upload — Pandora FMSCWE-434 6.4 Medium2023-08-22
CVE-2023-24516 Stored Cross Site Scripting - Special Days Module — Pandora FMSCWE-79 5.9 Medium2023-08-22
CVE-2023-24514 Stored Cross Site Scripting Vulnerability in Visual Console Module — Pandora FMSCWE-79 6.3 Medium2023-08-22
CVE-2023-24515 Server side request forgery in api checker — Pandora FMSCWE-918 5.2 Medium2023-08-22
CVE-2023-2807 Authentication bypass in password reset process — Pandora FMSCWE-290 6.4 Medium2023-06-13
CVE-2022-47373 Reflected Cross Site Scripting in Search Functionality of Module Library — Pandora FMSCWE-352 6.4 Medium2023-02-15
CVE-2022-47372 Stored cross-site scripting vulnerability in create event section — Pandora FMSCWE-352 7.6 High2023-02-15
CVE-2022-45437 Stored cross-site scripting vulnerability in the reporting dashboard module — Pandora FMSCWE-79 6.5 Medium2023-02-15
CVE-2022-45436 Stored cross-site scripting vulnerability in network maps editor feature — Pandora FMSCWE-79 6.1 Medium2023-02-15
CVE-2022-43978 Limited Authentication bypass due to hardcoded secret — Pandora FMSCWE-287 5.6 Medium2023-01-27
CVE-2022-43980 Cross-site scripting vulnerability in the network maps edit functionality — Pandora FMSCWE-352 5.2 Medium2023-01-27
CVE-2022-43979 Path Traversal leading to Local File Inclusion — Pandora FMSCWE-434 5.9 Medium2023-01-27
CVE-2021-46678 Vulnerability XSS in service form name field — Pandora FMSCWE-79 4.0 Medium2022-08-05
CVE-2021-46680 Vulnerability XSS in module form name field — Pandora FMSCWE-79 4.0 Medium2022-08-05
CVE-2021-46677 Vulnerability XSS in Event filter name field — Pandora FMSCWE-79 4.0 Medium2022-08-05
CVE-2021-46676 Vulnerability XSS in Transaction Map name field — Pandora FMSCWE-79 4.0 Medium2022-08-05
CVE-2021-46679 Vulnerability XSS in service elements — Pandora FMSCWE-79 4.0 Medium2022-08-05
CVE-2021-46681 Vulnerability XSS in module mass operation name field — Pandora FMSCWE-79 4.0 Medium2022-08-05
CVE-2022-26310 Improper Authorization in User Management to Vertical Privilege Escalation — Pandora FMSCWE-285 7.3 High2022-08-01
CVE-2022-26309 Cross-Site Request en Bulk operation (User operation) — Pandora FMSCWE-352 3.7 Low2022-08-01
CVE-2022-26308 Improper Access Control in Configuration (Credential store) — Pandora FMSCWE-284 3.7 Low2022-08-01
CVE-2022-1648 Relative Path Traversal to Remote Code Execution in File Manager — Pandora FMSCWE-23 5.7 Medium2022-07-26
CVE-2022-2059 Stored Cross Site-Scripting in Agent Manager — Pandora FMSCWE-79 3.5 Low2022-07-25
CVE-2022-2032 Stored Cross Site-Scripting in File Manager — Pandora FMSCWE-79 3.5 Low2022-07-25
CVE-2022-0507 Vulnerability: Authenticated SQL Injection in API — Pandora FMSCWE-89 5.8 Medium2022-03-09

This page lists every published CVE security advisory associated with Artica PFMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.