Vulnerabilities > Centreon > Centreon WEB

DATE CVE VULNERABILITY TITLE RISK
2019-10-08 CVE-2019-17108 Cross-site Scripting vulnerability in Centreon web
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
network
low complexity
centreon CWE-79
6.1
2019-10-08 CVE-2019-17107 OS Command Injection vulnerability in Centreon web
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter.
network
low complexity
centreon CWE-78
8.8
2019-10-08 CVE-2019-17106 Cleartext Storage of Sensitive Information vulnerability in Centreon web
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
network
low complexity
centreon CWE-312
6.5
2019-10-08 CVE-2018-21023 Code Injection vulnerability in Centreon web
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
network
low complexity
centreon CWE-94
8.8
2019-10-08 CVE-2018-21022 SQL Injection vulnerability in Centreon web
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
network
low complexity
centreon CWE-89
8.8
2019-10-08 CVE-2018-21021 SQL Injection vulnerability in Centreon web
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
network
low complexity
centreon CWE-89
8.8
2019-10-08 CVE-2018-21020 Improper Input Validation vulnerability in Centreon web
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
network
low complexity
centreon CWE-20
7.5
2018-06-25 CVE-2018-11589 SQL Injection vulnerability in Centreon and Centreon web
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
network
low complexity
centreon CWE-89
critical
9.8
2018-06-25 CVE-2018-11588 Cross-site Scripting vulnerability in Centreon and Centreon web
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS.
network
low complexity
centreon CWE-79
5.4
2018-06-25 CVE-2018-11587 Code Injection vulnerability in Centreon and Centreon web
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
network
low complexity
centreon CWE-94
critical
9.8