Vulnerabilities > Centreon

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-16	CVE-2021-28053	SQL Injection vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. network low complexity centreon CWE-89	6.5
2021-05-26	CVE-2021-27676	Cross-Site Scripting vulnerability in Centreon 20.10.2 Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. network centreon CWE-79	3.5
2021-05-04	CVE-2021-26804	Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2 Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. network low complexity centreon CWE-276	4.0
2021-04-15	CVE-2021-28055	Cross-Site Request Forgery (CSRF) vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. network centreon CWE-352	4.3
2021-02-15	CVE-2020-22425	SQL Injection vulnerability in Centreon 19.10 Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. network low complexity centreon CWE-89	6.5
2020-05-27	CVE-2020-13628	Cross-Site Scripting vulnerability in Centreon products Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. network centreon CWE-79	4.3
2020-05-27	CVE-2020-13627	Cross-Site Scripting vulnerability in Centreon products Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. network centreon CWE-79	4.3
2020-05-27	CVE-2020-10946	Cross-Site Scripting vulnerability in Centreon products Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. network centreon CWE-79	4.3
2020-05-27	CVE-2020-10945	Information Exposure vulnerability in Centreon Centreon before 19.10.7 exposes Session IDs in server responses. low complexity centreon CWE-200	3.3
2020-05-21	CVE-2020-13252	OS Command Injection vulnerability in Centreon Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. network low complexity centreon CWE-78 critical	9.0

Vulnerabilities > Centreon {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Centreon"}]}

Vulnerabilities > Centreon