Vulnerabilities > Centreon

DATE CVE VULNERABILITY TITLE RISK
2022-11-02 CVE-2022-3827 Unspecified vulnerability in Centreon
A vulnerability was found in centreon.
network
low complexity
centreon
critical
9.8
2022-10-06 CVE-2022-39988 Cross-site Scripting vulnerability in Centreon 22.04.0
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.
network
low complexity
centreon CWE-79
5.4
2022-09-26 CVE-2022-40043 SQL Injection vulnerability in Centreon 20.10.18
Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
network
low complexity
centreon CWE-89
8.8
2022-09-26 CVE-2022-40044 Cross-site Scripting vulnerability in Centreon 20.10.18
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
network
low complexity
centreon CWE-79
5.4
2022-08-29 CVE-2022-36194 Cross-site Scripting vulnerability in Centreon 22.04.0
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.
network
low complexity
centreon CWE-79
5.4
2022-08-03 CVE-2022-34871 Unspecified vulnerability in Centreon 21.10.2
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon.
network
low complexity
centreon
7.2
2022-08-03 CVE-2022-34872 Unspecified vulnerability in Centreon 21.10.2
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon.
network
low complexity
centreon
6.5
2021-08-18 CVE-2020-22345 OS Command Injection vulnerability in Centreon 19.10.8
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
network
low complexity
centreon CWE-78
8.8
2021-08-03 CVE-2021-37556 SQL Injection vulnerability in Centreon
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
network
low complexity
centreon CWE-89
8.8
2021-08-03 CVE-2021-37557 SQL Injection vulnerability in Centreon
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
network
low complexity
centreon CWE-89
8.8