CVE-2024-23119
Centreon insertGraphTemplate SQL Injection leads to Remote Code Execution. The flaw is improper validation of a user-supplied string used to build SQL queries inside insertGraphTemplate, allowing an attacker to run code in the service account. Exploitation requires authentication. Affected Centre...
CVE-2022-42429
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of...
CVE-2022-40043
Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the escname Escalation Name parameter at Configuration/Notifications/Escalations...
CVE-2022-36194
Centreon 22.04.0 is vulnerable to Cross Site Scripting XSS from the function Pollers Broker Configuration by adding a crafted payload into the name parameter...
CVE-2021-28053
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration Users Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters...
CVE-2020-22425
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution...
CVE-2020-10945
Centreon before 19.10.7 exposes Session IDs in server responses...
CVE-2020-13252
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabasestatuspath via a main.get.php request and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page...
CVE-2019-16195
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields...
CVE-2019-17501
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 aka the Configuration Commands Discovery screen. CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same...
CVE-2019-17501
CVE-2019-17501 is connected to an RCE issue in Centreon Web. Red Hat’s entry confirms affected ranges: Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5, and 19.10.x before 19.10.2, with a fix likely in 19.04.5 for the 19.04 line. The initial description indicates Centreo...
Centreon 1.4.2 - color_picker.php Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28043/info Centreon is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...
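Centreon "command_name" Parameter Remote Command Execution Vulnerability
BUGTRAQ ID: 50568 CVE ID: CVE-2011-4431 Centreon is open-source software used mainly alongside Nagios: it manages Nagios through a web interface and, via third-party components, monitors networks, operating systems and applications. The "commandname" parameter in Centreon has an input validation flaw in its implementation, which an attacker can exploit to execute arbitrary commands. Any account with access to "Configuration Nagios Checks" can execute commands. Centreon 2.3.1 Vendor patch: Centreon -------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...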
Centreon < 2.1.4 Security Bypass
Binary data 5290.prm...