Vulnerabilities > Centreon > Centreon WEB
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-10-08 | CVE-2019-17108 | Cross-site Scripting vulnerability in Centreon web | Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | 6.1 |
2019-10-08 | CVE-2019-17107 | OS Command Injection vulnerability in Centreon web | minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. | 8.8 |
2019-10-08 | CVE-2019-17106 | Cleartext Storage of Sensitive Information vulnerability in Centreon web | In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | 6.5 |
2019-10-08 | CVE-2018-21023 | Code Injection vulnerability in Centreon web | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | 8.8 |
2019-10-08 | CVE-2018-21022 | SQL Injection vulnerability in Centreon web | makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | 8.8 |
2019-10-08 | CVE-2018-21021 | SQL Injection vulnerability in Centreon web | img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | 8.8 |
2019-10-08 | CVE-2018-21020 | Improper Input Validation vulnerability in Centreon web | In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | 7.5 |
2018-06-25 | CVE-2018-11589 | SQL Injection vulnerability in Centreon and Centreon web | Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | 9.8 |
2018-06-25 | CVE-2018-11588 | Cross-site Scripting vulnerability in Centreon and Centreon web | Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. | 5.4 |
2018-06-25 | CVE-2018-11587 | Code Injection vulnerability in Centreon and Centreon web | There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | 9.8 |