13 matches found
CVE-2019-16405
Centreon Web products are affected by CVE-2019-16405 (and related CVE-2019-17501): remote code execution via an administrator who can modify Macro Expression location settings. Affected versions include Centreon Web prior to 2.8.30, 18.10.x prior to 18.10.8, 19.04.x prior to 19.04.5, and 19.10.x ...
CVE-2024-23115
Centreon updateGroups SQL Injection (CVE-2024-23115) allows remote code execution via improper validation of a user-supplied string used to build SQL queries in the updateGroups function. This requires authentication to exploit and can run code in the service account context. Connected sources (V...
CVE-2024-23116
Summary (CVE-2024-23116): Centreon is vulnerable to a SQL Injection in the core function updateLCARelation , caused by improper validation of a user-supplied string used to build SQL queries. This leads to Remote Code Execution in the context of the service account. The vulnerability is documente...
CVE-2024-23119
Centreon insertGraphTemplate SQL Injection leads to Remote Code Execution. The flaw is improper validation of a user-supplied string used to build SQL queries inside insertGraphTemplate, allowing an attacker to run code in the service account. Exploitation requires authentication. Affected Centre...
CVE-2024-23117
CVE-2024-23117 concerns Centreon: the vulnerability is in the updateContactServiceCommands function where user-supplied input is not properly validated before being used to build SQL queries. This leads to a SQL Injection that can execute arbitrary code in the context of the Centreon service acco...
CVE-2024-23118
CVE-2024-23118 describes a SQL Injection in Centreon’s updateContactHostCommands function. The root cause is improper validation of user-supplied input used to build SQL queries, enabling an attacker to execute arbitrary code in the context of the service account. Exploitation requires authentica...
CVE-2024-0637
Centreon updateDirectory SQL Injection Remote Code Execution vulnerability affects Centreon installations. The flaw is due to improper validation of a user-supplied string in the updateDirectory function, which is used to build SQL queries. This can allow an attacker to execute arbitrary code in ...
CVE-2024-5723
Centreon updateServiceHost exposes a SQL Injection that leads to Remote Code Execution. The flaw occurs in updateServiceHost due to improper validation of a user-supplied string used to build SQL queries, allowing an attacker to run code in the apache user context after authentication is required...
CVE-2023-51633
Centreon (Centreon) sysName Cross-Site Scripting Remote Code Execution vulnerability (CVE-2023-51633) stems from improper validation of input in the SNMP sysName OID, enabling arbitrary code execution with the service account when a user-provided value is processed. Exploitation requires user int...
CVE-2024-5725
Centreon vulnerability CVE-2024-5725 is a SQL Injection in the initCurveList function that allows remote code execution. The flaw arises from improper validation of a user-supplied string used to build SQL queries, enabling an attacker to run arbitrary code in the context of the apache user. Auth...
CVE-2018-21020
Centreon Web component centreonAuth.class.php contains a PHP type juggling flaw that, before version 2.8.27, can allow an attacker to bypass authentication. The issue is documented across multiple sources (CVE-2018-21020; affected product Centreon Web pre-2.8.27). Impact is authentication bypass ...
CVE-2018-21021
Summary of CVE-2018-21021 : Multiple sources confirm a SQL injection vulnerability in Centreon Web (Centreon/Merethis) prior to version 2.8.27. The issue is triggered via the host_id parameter in img_gantt.php, allowing an attacker to inject and potentially execute arbitrary SQL commands. Exploit...
CVE-2018-21022
Centreon Web vulnerability CVE-2018-21022: The affected component is makeXML_ListServices.php in Centreon Web, with the root cause being a SQL injection via the host_id parameter. Versions prior to 2.8.28 are affected. Impact is that an attacker could inject SQL commands through the host_id value...