Vulnerabilities > Centreon > Centreon WEB > 2.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-21 | CVE-2024-5723 | Unspecified vulnerability in Centreon web Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. | 8.8 |
| 2024-08-21 | CVE-2024-5725 | Unspecified vulnerability in Centreon web Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. | 8.8 |
| 2024-05-03 | CVE-2023-51633 | Cross-site Scripting vulnerability in Centreon web Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. | 9.6 |
| 2020-02-24 | CVE-2019-15299 | Improper Authentication vulnerability in Centreon web An issue was discovered in Centreon Web through 19.04.3. | 8.8 |
| 2019-11-21 | CVE-2019-16405 | Unspecified vulnerability in Centreon web Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. | 7.2 |
| 2019-10-08 | CVE-2019-17106 | Cleartext Storage of Sensitive Information vulnerability in Centreon web In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | 6.5 |
| 2019-10-08 | CVE-2018-21022 | SQL Injection vulnerability in Centreon web makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | 8.8 |
| 2019-10-08 | CVE-2018-21021 | SQL Injection vulnerability in Centreon web img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | 8.8 |
| 2019-10-08 | CVE-2018-21020 | Improper Input Validation vulnerability in Centreon web In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | 7.5 |