Pandorafms

Pandora Fms

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-35307

  • EPSS 0.91%
  • Veröffentlicht 10.06.2024 15:15:51
  • Zuletzt bearbeitet 16.09.2025 15:56:22

Argument Injection Leading to Remote Code Execution in Realtime Graph Extension, allowing unauthenticated attackers to execute arbitrary code on the server. This issue affects Pandora FMS: from 700 through <777.

9.8

CVE-2024-35306

  • EPSS 0.93%
  • Veröffentlicht 10.06.2024 15:15:51
  • Zuletzt bearbeitet 16.09.2025 15:53:01

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.

9.8

CVE-2024-35305

  • EPSS 0.37%
  • Veröffentlicht 10.06.2024 15:15:51
  • Zuletzt bearbeitet 16.09.2025 15:52:37

Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through <777.

9.8

CVE-2024-35304

  • EPSS 1.09%
  • Veröffentlicht 10.06.2024 15:15:51
  • Zuletzt bearbeitet 16.09.2025 15:52:02

System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.

9.8

CVE-2023-44091

  • EPSS 0.45%
  • Veröffentlicht 19.03.2024 17:15:08
  • Zuletzt bearbeitet 16.09.2025 15:49:46

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. This ulnerability allowed SQL injections to be made even if authentication failed.This issue affects Pandor...

6.5

CVE-2023-41793

  • EPSS 0.39%
  • Veröffentlicht 19.03.2024 17:15:08
  • Zuletzt bearbeitet 16.09.2025 15:15:05

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776...

6.4

CVE-2023-44090

  • EPSS 0.34%
  • Veröffentlicht 19.03.2024 17:15:08
  • Zuletzt bearbeitet 16.09.2025 15:47:59

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows CVE-2008-5817. This vulnerability allowed SQL changes to be made to several files in the Grafana module. This issue affec...

9.1

CVE-2023-44092

  • EPSS 0.85%
  • Veröffentlicht 19.03.2024 17:15:08
  • Zuletzt bearbeitet 16.09.2025 15:51:17

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issu...

6.1

CVE-2023-44089

  • EPSS 0.25%
  • Veröffentlicht 29.12.2023 12:15:44
  • Zuletzt bearbeitet 21.11.2024 08:25:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FM...

8.8

CVE-2023-44088

  • EPSS 0.73%
  • Veröffentlicht 29.12.2023 12:15:43
  • Zuletzt bearbeitet 21.11.2024 08:25:12

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects...