Lucene search
K

13 matches found

CVE
CVE
added 2019/11/21 5:35 p.m.90 views

CVE-2019-16405

Centreon Web products are affected by CVE-2019-16405 (and related CVE-2019-17501): remote code execution via an administrator who can modify Macro Expression location settings. Affected versions include Centreon Web prior to 2.8.30, 18.10.x prior to 18.10.8, 19.04.x prior to 19.04.5, and 19.10.x ...

9CVSS7.2AI score0.27002EPSS
CVE
CVE
added 2024/04/01 9:47 p.m.77 views

CVE-2024-23115

Centreon updateGroups SQL Injection (CVE-2024-23115) allows remote code execution via improper validation of a user-supplied string used to build SQL queries in the updateGroups function. This requires authentication to exploit and can run code in the service account context. Connected sources (V...

7.2CVSS7.5AI score0.67493EPSS
CVE
CVE
added 2024/04/01 9:47 p.m.76 views

CVE-2024-23116

Summary (CVE-2024-23116): Centreon is vulnerable to a SQL Injection in the core function updateLCARelation , caused by improper validation of a user-supplied string used to build SQL queries. This leads to Remote Code Execution in the context of the service account. The vulnerability is documente...

7.2CVSS7.5AI score0.53411EPSS
CVE
CVE
added 2024/04/01 9:48 p.m.72 views

CVE-2024-23119

Centreon insertGraphTemplate SQL Injection leads to Remote Code Execution. The flaw is improper validation of a user-supplied string used to build SQL queries inside insertGraphTemplate, allowing an attacker to run code in the service account. Exploitation requires authentication. Affected Centre...

8.8CVSS9.2AI score0.01371EPSS
CVE
CVE
added 2024/04/01 9:47 p.m.68 views

CVE-2024-23117

CVE-2024-23117 concerns Centreon: the vulnerability is in the updateContactServiceCommands function where user-supplied input is not properly validated before being used to build SQL queries. This leads to a SQL Injection that can execute arbitrary code in the context of the Centreon service acco...

7.2CVSS7.5AI score0.53411EPSS
CVE
CVE
added 2024/04/01 9:48 p.m.68 views

CVE-2024-23118

CVE-2024-23118 describes a SQL Injection in Centreon’s updateContactHostCommands function. The root cause is improper validation of user-supplied input used to build SQL queries, enabling an attacker to execute arbitrary code in the context of the service account. Exploitation requires authentica...

7.2CVSS7.5AI score0.53411EPSS
CVE
CVE
added 2024/04/01 9:45 p.m.64 views

CVE-2024-0637

Centreon updateDirectory SQL Injection Remote Code Execution vulnerability affects Centreon installations. The flaw is due to improper validation of a user-supplied string in the updateDirectory function, which is used to build SQL queries. This can allow an attacker to execute arbitrary code in ...

8.8CVSS9.1AI score0.72319EPSS
CVE
CVE
added 2024/08/21 4:14 p.m.62 views

CVE-2024-5723

Centreon updateServiceHost exposes a SQL Injection that leads to Remote Code Execution. The flaw occurs in updateServiceHost due to improper validation of a user-supplied string used to build SQL queries, allowing an attacker to run code in the apache user context after authentication is required...

8.8CVSS9.2AI score0.40669EPSS
CVE
CVE
added 2024/05/03 2:15 a.m.61 views

CVE-2023-51633

Centreon (Centreon) sysName Cross-Site Scripting Remote Code Execution vulnerability (CVE-2023-51633) stems from improper validation of input in the SNMP sysName OID, enabling arbitrary code execution with the service account when a user-provided value is processed. Exploitation requires user int...

9.6CVSS7.7AI score0.0109EPSS
CVE
CVE
added 2024/08/21 4:14 p.m.57 views

CVE-2024-5725

Centreon vulnerability CVE-2024-5725 is a SQL Injection in the initCurveList function that allows remote code execution. The flaw arises from improper validation of a user-supplied string used to build SQL queries, enabling an attacker to run arbitrary code in the context of the apache user. Auth...

8.8CVSS9.2AI score0.47648EPSS
CVE
CVE
added 2019/10/08 12:8 p.m.49 views

CVE-2018-21020

Centreon Web component centreonAuth.class.php contains a PHP type juggling flaw that, before version 2.8.27, can allow an attacker to bypass authentication. The issue is documented across multiple sources (CVE-2018-21020; affected product Centreon Web pre-2.8.27). Impact is authentication bypass ...

7.5CVSS7.6AI score0.01981EPSS
CVE
CVE
added 2019/10/08 12:11 p.m.44 views

CVE-2018-21021

Summary of CVE-2018-21021 : Multiple sources confirm a SQL injection vulnerability in Centreon Web (Centreon/Merethis) prior to version 2.8.27. The issue is triggered via the host_id parameter in img_gantt.php, allowing an attacker to inject and potentially execute arbitrary SQL commands. Exploit...

8.8CVSS8.8AI score0.01836EPSS
CVE
CVE
added 2019/10/08 12:14 p.m.39 views

CVE-2018-21022

Centreon Web vulnerability CVE-2018-21022: The affected component is makeXML_ListServices.php in Centreon Web, with the root cause being a SQL injection via the host_id parameter. Versions prior to 2.8.28 are affected. Impact is that an attacker could inject SQL commands through the host_id value...

8.8CVSS8.8AI score0.01836EPSS