7 matches found
CVE-2014-3828
Centreon 2.5.1 and Centreon Enterprise Server 2.2 contain SQL injection vulnerabilities (CVE-2014-3828) that are pre-auth and remotely exploitable. The issues arise in multiple PHP components where unsanitized input is used: index_id (views/graphs/common/makeXML_ListMetrics.php), sid (views/graph...
CVE-2012-5967
Centreon 2.3.3 through 2.3.9-4 contains a blind SQL injection in menuXML.php via the menu parameter. Exploitation requires an authenticated remote user and can lead to arbitrary SQL execution against the back-end DB. The issue is mitigated by upgrading to Centreon Web 2.6.0 or Centreon 2.4.0+ (pe...
CVE-2011-4432
CVE-2011-4432 affects Merethis Centreon prior to 2.3.2. The vulnerability is that the password hashing routine does not use a salt, making it easier for context-dependent attackers to recover plaintext passwords via rainbow tables. The available sources confirm this specific insecure credential h...
CVE-2014-3829
Centreon 2.5.1 and Centreon Enterprise Server 2.2 are vulnerable to unauthenticated command injection via displayServiceStatus.php, exploiting shell metacharacters in the session_id or template_id parameters (related to the command_line variable). The issue, CVE-2014-3829, is noted as fixed in Ce...
CVE-2011-4431
Centreon before 2.3.2 is affected by a directory traversal vulnerability in main.php where the command_name parameter is not properly validated. This allows remote authenticated users to execute arbitrary commands via a .. (dot dot) path traversal sequence. The issue arises from insufficient inpu...
CVE-2009-4368
Centreon before 2.1.4 has multiple vulnerabilities in the ping, traceroute, and LDAP import components, likely related to improper authentication. Affects Centreon installations running versions prior to 2.1.4. Remediation: upgrade to Centreon 2.1.4 or apply the vendor patch (VendorFix). No explo...
CVE-2010-1301
Centreon 2.1.5 contains an SQL injection in main.php exploited via the host_id parameter. The OpenVAS entries confirm Centreon is prone to SQLi due to insufficient input sanitization, enabling remote attackers to execute arbitrary SQL commands and potentially compromise data. The affected compone...