Centreon Web Security Vulnerabilities and Issues — Centreon Web CVE List

Lucene search

CentreonCentreon Web

10 matches found

CVE•added 2019/10/08 1:15 p.m.•55 views

CVE-2019-17107

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.

8.8CVSS8.9AI score0.01694EPSS

CVE•added 2024/08/21 5:15 p.m.•49 views

CVE-2024-5723

Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateServiceHost f...

8.8CVSS9.2AI score0.73038EPSS

CVE•added 2024/08/21 5:15 p.m.•47 views

CVE-2024-5725

Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the initCurveList function....

8.8CVSS9.2AI score0.30345EPSS

CVE•added 2019/11/27 2:15 p.m.•41 views

CVE-2019-15298

A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing ...

8.8CVSS8.8AI score0.08911EPSS

CVE•added 2024/08/23 5:15 p.m.•39 views

CVE-2024-39841

A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

8.8CVSS8.4AI score0.0026EPSS

CVE•added 2020/02/24 1:15 p.m.•34 views

CVE-2019-15299

An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.

8.8CVSS8.6AI score0.0006EPSS

CVE•added 2019/10/08 1:15 p.m.•32 views

CVE-2018-21023

getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.

8.8CVSS8.8AI score0.01728EPSS

CVE•added 2019/10/08 1:15 p.m.•30 views

CVE-2018-21021

img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.

8.8CVSS8.8AI score0.00264EPSS

CVE•added 2019/11/27 2:15 p.m.•29 views

CVE-2019-15300

A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.

8.8CVSS8.8AI score0.00281EPSS

CVE•added 2019/10/08 1:15 p.m.•26 views

CVE-2018-21022

makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.

8.8CVSS8.8AI score0.00264EPSS