Vulnerabilities > Centreon > Centreon > 3.4.6

DATE CVE VULNERABILITY TITLE RISK
2020-01-16 CVE-2019-20327 Improper Privilege Management vulnerability in Centreon
Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges.
local
low complexity
centreon CWE-269
7.2
7.2
2019-09-25 CVE-2019-16194 SQL Injection vulnerability in Centreon
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.
network
low complexity
centreon CWE-89
7.5
7.5
2018-11-16 CVE-2018-19312 SQL Injection vulnerability in Centreon 3.4.0/3.4.1/3.4.6
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
network
low complexity
centreon CWE-89
6.5
6.5
2018-11-16 CVE-2018-19311 Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6
Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
network
centreon CWE-79
3.5
3.5
2018-11-14 CVE-2018-19280 Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.
network
centreon CWE-79
4.3
4.3
2018-11-14 CVE-2018-19271 SQL Injection vulnerability in Centreon 3.4.1/3.4.6
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
network
low complexity
centreon CWE-89
6.5
6.5
2018-06-25 CVE-2018-11589 SQL Injection vulnerability in Centreon and Centreon web
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
network
low complexity
centreon CWE-89
7.5
7.5
2018-06-25 CVE-2018-11588 Cross-site Scripting vulnerability in Centreon and Centreon web
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS.
network
centreon CWE-79
3.5
3.5
2018-06-25 CVE-2018-11587 Code Injection vulnerability in Centreon and Centreon web
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
network
low complexity
centreon CWE-94
7.5
7.5