Vulnerabilities > Centreon > Centreon WEB > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-5723 Unspecified vulnerability in Centreon web
Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability.
network
low complexity
centreon
8.8
2024-08-21 CVE-2024-5725 Unspecified vulnerability in Centreon web
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability.
network
low complexity
centreon
8.8
2020-02-24 CVE-2019-15299 Improper Authentication vulnerability in Centreon web
An issue was discovered in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-287
8.8
2019-11-27 CVE-2019-15300 SQL Injection vulnerability in Centreon web
A problem was found in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-89
8.8
2019-11-27 CVE-2019-15298 OS Command Injection vulnerability in Centreon web
A problem was found in Centreon Web through 19.04.3.
network
low complexity
centreon CWE-78
8.8
2019-11-21 CVE-2019-16406 Incorrect Permission Assignment for Critical Resource vulnerability in Centreon web 19.04.4
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron.
local
low complexity
centreon CWE-732
7.8
2019-11-21 CVE-2019-16405 Unspecified vulnerability in Centreon web
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings.
network
low complexity
centreon
7.2
2019-10-08 CVE-2019-17107 OS Command Injection vulnerability in Centreon web
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter.
network
low complexity
centreon CWE-78
8.8
2019-10-08 CVE-2018-21023 Code Injection vulnerability in Centreon web
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
network
low complexity
centreon CWE-94
8.8
2019-10-08 CVE-2018-21022 SQL Injection vulnerability in Centreon web
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
network
low complexity
centreon CWE-89
8.8