Centreon Web Security Vulnerabilities and Issues — Centreon Web CVE List

Lucene search

CentreonCentreon Web

10 matches found

CVE•added 2019/11/21 6:15 p.m.•74 views

CVE-2019-16405

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

9CVSS7.2AI score0.08968EPSS

CVE•added 2024/08/23 5:15 p.m.•50 views

CVE-2024-33852

A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

9.1CVSS8.4AI score0.00185EPSS

CVE•added 2018/06/25 6:29 p.m.•47 views

CVE-2018-11587

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.

9.8CVSS9.7AI score0.01141EPSS

CVE•added 2025/01/23 10:15 p.m.•46 views

CVE-2024-53923

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media.

9.1CVSS8AI score0.00043EPSS

CVE•added 2024/05/03 3:16 a.m.•45 views

CVE-2023-51633

Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the sy...

9.6CVSS7.7AI score0.0183EPSS

CVE•added 2025/01/23 11:15 p.m.•45 views

CVE-2024-55573

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.

9.1CVSS7.7AI score0.00065EPSS

CVE•added 2024/08/23 5:15 p.m.•43 views

CVE-2024-32501

A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

9.8CVSS8.4AI score0.01741EPSS

CVE•added 2018/06/25 6:29 p.m.•38 views

CVE-2018-11589

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host...

9.8CVSS9.9AI score0.00165EPSS

CVE•added 2024/08/23 5:15 p.m.•36 views

CVE-2024-33853

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

9.1CVSS8.4AI score0.00186EPSS

CVE•added 2024/08/23 5:15 p.m.•36 views

CVE-2024-33854

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.

9.1CVSS8.4AI score0.00185EPSS