Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Pandora FMS — Vulnerabilities & Security Advisories 48

Browse all 48 CVE security advisories affecting Pandora FMS. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pandora FMS is an open-source network monitoring and management solution designed to provide comprehensive visibility into IT infrastructure performance and availability. Historically, its codebase has exhibited significant security weaknesses, resulting in forty-three recorded Common Vulnerabilities and Exposures. These flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and improper access controls within its web interface and API components. While the platform serves critical operational needs for system administrators, the high volume of disclosed CVEs indicates a pattern of recurring security defects that require diligent patching. No single catastrophic incident has publicly defined the software’s reputation, but the cumulative risk profile suggests that organizations must prioritize rigorous security hardening and regular updates to mitigate the potential for unauthorized system access or data compromise inherent in its current vulnerability landscape.

Found 46 results / 48Clear Filters
Top products by Pandora FMS: Pandora FMS Pandora ITSM
CVE IDTitleCVSSSeverityPublished
CVE-2023-41814 XSS Vulnerability Messages — Pandora FMSCWE-79 3.7 Low2023-12-29
CVE-2023-41813 User notification settings edition — Pandora FMSCWE-79 3.0 Low2023-12-29
CVE-2023-41812 Uploading executables via the file manager — Pandora FMSCWE-434 5.7 Medium2023-11-23
CVE-2023-41811 Stored XSS Via Site News Page — Pandora FMSCWE-79 5.3 Medium2023-11-23
CVE-2023-41810 Stored XSS Via Dashboard Panel — Pandora FMSCWE-79 4.0 Medium2023-11-23
CVE-2023-41808 Arbitrary File Read As Root Via GoTTY Page — Pandora FMSCWE-269 8.5 High2023-11-23
CVE-2023-41807 Linux Local Privilege Escalation Via GoTTY Page — Pandora FMSCWE-269 9.1 Critical2023-11-23
CVE-2023-41806 Misassignment of privileges can cause DOS attack — Pandora FMSCWE-269 8.2 High2023-11-23
CVE-2023-41792 Lack of Authorization and Stored XSS Via SNMP Trap Editor Page — Pandora FMSCWE-352 5.9 Medium2023-11-23
CVE-2023-41791 Lack of Authorization and Stored XSS Via Translation Abuse — Pandora FMSCWE-79 8.4 High2023-11-23
CVE-2023-41790 Traversal Path on PHP file — Pandora FMSCWE-427 7.6 High2023-11-23
CVE-2023-41789 Unauthenticated Admin Account Takeover Via XSS — Pandora FMSCWE-79 7.6 High2023-11-23
CVE-2023-41788 Remote Code Execution via File Uploader — Pandora FMSCWE-434 7.6 High2023-11-23
CVE-2023-41787 Arbitrary File Read — Pandora FMSCWE-427 6.0 Medium2023-11-23
CVE-2023-41786 Database backups availability by low-privileged users — Pandora FMSCWE-200 6.8 Medium2023-11-23
CVE-2023-4677 Unauthenticated Admin Account Takeover Via Cron Log File Backups — Pandora FMSCWE-287 7.0 High2023-11-23

This page lists every published CVE security advisory associated with Pandora FMS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.