VulnCheck KEV: CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any PHP file via the /pandoraconsole/ajax.php ajax endpoint...
CVE-2023-4677
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...
PT-2023-8542 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions = 772 Description: The issue is related to insufficient protection of registration data in the Pandora FMS Console, allowing an attacker to gain unauthorized access to protected information and elevate their privileges to...
Vulnerability in the `include/chart_generator.php` script of the Pandora Console component of Pandora FMS, a monitoring and management system for IT environments. This script allows attackers to bypass security restrictions and execute arbitrary SQL code.
The vulnerability in the `include/chart_generator.php` script of the Pandora Console component of the Pandora FMS monitoring and management system stems from a lack of measures to protect the SQL query structure when the sessionid parameter is processed. Exploiting this...
Pandora FMS 6.0SP3 Cross Site Scripting Vulnerability
Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole
Author: @nu11secur1ty
Testing and Debugging: @nu11secur1ty
Vendor: https://pandorafms.com/
Link: https://github.com/pandorafms/pandorafms/releases
CVE: 2021-0527-nu11secur1ty
Proof:...
CVE-2018-11222
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any PHP file via the /pandoraconsole/ajax.php ajax endpoint...