Centreon Web Security Vulnerabilities and Issues — Centreon Web CVE List

Lucene search

CentreonCentreon Web

8 matches found

CVE•added 2019/10/08 1:15 p.m.•55 views

CVE-2019-17107

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.

8.8CVSS8.9AI score0.01694EPSS

CVE•added 2019/10/08 1:15 p.m.•43 views

CVE-2019-17108

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.

6.1CVSS5.8AI score0.00091EPSS

CVE•added 2019/10/08 1:15 p.m.•37 views

CVE-2018-21020

In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.

7.5CVSS7.6AI score0.00081EPSS

CVE•added 2019/10/08 1:15 p.m.•32 views

CVE-2018-21023

getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.

8.8CVSS8.8AI score0.01728EPSS

CVE•added 2019/10/08 1:15 p.m.•32 views

CVE-2019-17106

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.

6.5CVSS6.2AI score0.00134EPSS

CVE•added 2019/10/08 1:15 p.m.•30 views

CVE-2018-21021

img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2019/10/08 1:15 p.m.•26 views

CVE-2018-21022

makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2019/10/08 3:15 p.m.•24 views

CVE-2019-17105

The token generator in index.php in Centreon Web before 2.8.27 is predictable.

5.3CVSS5.3AI score0.0006EPSS