Vulnerabilities > Centreon > Centreon WEB > 2.8.25

DATE CVE VULNERABILITY TITLE RISK
2019-10-08 CVE-2019-17106 Cleartext Storage of Sensitive Information vulnerability in Centreon web
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
network
low complexity
centreon CWE-312
6.5
6.5
2019-10-08 CVE-2018-21023 Code Injection vulnerability in Centreon web
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
network
low complexity
centreon CWE-94
8.8
8.8
2019-10-08 CVE-2018-21022 SQL Injection vulnerability in Centreon web
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
network
low complexity
centreon CWE-89
8.8
8.8
2019-10-08 CVE-2018-21021 SQL Injection vulnerability in Centreon web
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
network
low complexity
centreon CWE-89
8.8
8.8
2019-10-08 CVE-2018-21020 Improper Input Validation vulnerability in Centreon web
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
network
low complexity
centreon CWE-20
7.5
7.5