Vulnerabilities > Centreon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-26 | CVE-2022-40044 | Cross-site Scripting vulnerability in Centreon 20.10.18 Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | 5.4 |
| 2022-08-29 | CVE-2022-36194 | Cross-site Scripting vulnerability in Centreon 22.04.0 Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. | 5.4 |
| 2022-08-03 | CVE-2022-34871 | SQL Injection vulnerability in Centreon 21.10.2 This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. | 7.2 |
| 2022-08-03 | CVE-2022-34872 | SQL Injection vulnerability in Centreon 21.10.2 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. | 6.5 |
| 2021-08-18 | CVE-2020-22345 | OS Command Injection vulnerability in Centreon 19.10.8 /graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter. | 8.8 |
| 2021-08-03 | CVE-2021-37556 | SQL Injection vulnerability in Centreon A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters. | 8.8 |
| 2021-08-03 | CVE-2021-37557 | SQL Injection vulnerability in Centreon A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter. | 8.8 |
| 2021-08-03 | CVE-2021-37558 | SQL Injection vulnerability in Centreon A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. | 9.8 |
| 2021-07-16 | CVE-2021-28053 | SQL Injection vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 8.8 |
| 2021-07-16 | CVE-2021-28054 | Cross-site Scripting vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 5.4 |