Pandorafms

Pandora Fms

57 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-35304

  • EPSS 1.33%
  • Published 10.06.2024 15:15:51
  • Last modified 16.09.2025 15:52:02

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.

6.4

CVE-2023-44090

  • EPSS 0.12%
  • Published 19.03.2024 17:15:08
  • Last modified 16.09.2025 15:47:59

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affec...

6.5

CVE-2023-41793

  • EPSS 0.1%
  • Published 19.03.2024 17:15:08
  • Last modified 16.09.2025 15:15:05

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776...

9.8

CVE-2023-44091

  • EPSS 0.29%
  • Published 19.03.2024 17:15:08
  • Last modified 16.09.2025 15:49:46

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandor...

9.1

CVE-2023-44092

  • EPSS 0.13%
  • Published 19.03.2024 17:15:08
  • Last modified 16.09.2025 15:51:17

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issu...

6.1

CVE-2023-44089

  • EPSS 0.11%
  • Published 29.12.2023 12:15:44
  • Last modified 21.11.2024 08:25:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FM...

8.8

CVE-2023-44088

  • EPSS 0.2%
  • Published 29.12.2023 12:15:43
  • Last modified 21.11.2024 08:25:12

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects...

6.1

CVE-2023-41815

  • EPSS 0.14%
  • Published 29.12.2023 12:15:43
  • Last modified 21.11.2024 08:21:44

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: ...

6.1

CVE-2023-41814

  • EPSS 0.69%
  • Published 29.12.2023 12:15:43
  • Last modified 21.11.2024 08:21:43

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user rec...

6.1

CVE-2023-41813

  • EPSS 0.51%
  • Published 29.12.2023 12:15:43
  • Last modified 21.11.2024 08:21:43

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: ...