Vulnerabilities > Centreon > Centreon WEB

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-5723 Unspecified vulnerability in Centreon web
Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability.
network
low complexity
centreon
8.8
2024-08-21 CVE-2024-5725 Unspecified vulnerability in Centreon web
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability.
network
low complexity
centreon
8.8
2024-05-03 CVE-2023-51633 Cross-site Scripting vulnerability in Centreon web
Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability.
network
low complexity
centreon CWE-79
critical
9.6
2021-05-04 CVE-2021-26804 Incorrect Default Permissions vulnerability in Centreon web 19.10.18/20.04.8/20.10.2
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
network
low complexity
centreon CWE-276
6.5
2020-02-24 CVE-2019-15299 Improper Authentication vulnerability in Centreon web
An issue was discovered in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-287
8.8
2019-11-27 CVE-2019-15300 SQL Injection vulnerability in Centreon web
A problem was found in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-89
8.8
2019-11-27 CVE-2019-15298 OS Command Injection vulnerability in Centreon web
A problem was found in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-78
8.8
2019-11-21 CVE-2019-16406 Incorrect Permission Assignment for Critical Resource vulnerability in Centreon web 19.04.4
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
local
low complexity
centreon CWE-732
7.8
2019-11-21 CVE-2019-16405 Unspecified vulnerability in Centreon web
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
network
low complexity
centreon
7.2
2019-10-08 CVE-2019-17105 Use of Insufficiently Random Values vulnerability in Centreon web
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
network
low complexity
centreon CWE-330
5.3