4 matches found
Pandora FMS 6.0SP3 Cross Site Scripting
Exploit Title: XSS vulnerability for keywords searching parameter in pandorafms-6.0SP3/pandoraconsole Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty Date: 05.27.2021 Vendor: https://pandorafms.com/ Link: https://github.com/pandorafms/pandorafms/releases CVE: 2021-0527-nu11secur1ty...
CVE-2021-32099
A SQL injection vulnerability in the pandoraconsole component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chartgenerator.php sessionid parameter, leading to a login bypass...
CVE-2021-32099
CVE-2021-32099 concerns Artica Pandora FMS 742, specifically the pandora_console component. A SQL injection in the /include/chart_generator.php endpoint via the session_id parameter enables an unauthenticated attacker to upgrade an unprivileged session, resulting in a login bypass. Multiple sourc...
CVE-2021-32099
A SQL injection vulnerability in the pandoraconsole component of Artica Pandora FMS 742 allows an unauthenticated attacker to upgrade his unprivileged session via the /include/chartgenerator.php sessionid parameter, leading to a login bypass...