Artica St Pandora Fms vulnerabilities
3 known vulnerabilities affecting artica_st/pandora_fms.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2014-125124P1CRITICALCVSS 10.0PoC≤ 5.0RC12025-07-31
CVE-2014-125124 [CRITICAL] CWE-78 CVE-2014-125124: An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and i
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the
nvd
CVE-2014-125115P2CRITICALCVSS 10.0PoC≤ 5.0 SP22025-07-25
CVE-2014-125115 [CRITICAL] CWE-89 CVE-2014-125115: An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. Th
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter, allowing attackers to extract administrator credentials or active session tokens via crafted requests. This occurs because input is directly concaten
nvd
CVE-2025-34088P2HIGHCVSS 8.8PoC≤ 7.0NG2025-07-03
CVE-2025-34088 [HIGH] CWE-78 CVE-2025-34088: An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier
An authenticated remote code execution vulnerability exists in Pandora FMS version 7.0NG and earlier. The net_tools.php functionality allows authenticated users to execute arbitrary OS commands via the select_ips parameter when performing network tools operations, such as pinging. This occurs because user input is not properly sanitized before being pa
nvd