Vulnerabilities > Centreon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-08 | CVE-2018-21024 | Unrestricted Upload of File with Dangerous Type vulnerability in Centreon licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | 7.5 |
| 2019-10-08 | CVE-2019-17108 | Cross-site Scripting vulnerability in Centreon web Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | 4.3 |
| 2019-10-08 | CVE-2019-17107 | Code Injection vulnerability in Centreon web minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. | 6.5 |
| 2019-10-08 | CVE-2019-17106 | Cleartext Storage of Sensitive Information vulnerability in Centreon web In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. | 4.0 |
| 2019-10-08 | CVE-2019-17104 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Centreon VM 19.04.2/19.04.3 In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set. | 5.0 |
| 2019-10-08 | CVE-2018-21025 | Improper Privilege Management vulnerability in Centreon VM 19.04.2/19.04.3 In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | 10.0 |
| 2019-10-08 | CVE-2018-21023 | Code Injection vulnerability in Centreon web getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | 6.5 |
| 2019-10-08 | CVE-2018-21022 | SQL Injection vulnerability in Centreon web makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | 6.5 |
| 2019-10-08 | CVE-2018-21021 | SQL Injection vulnerability in Centreon web img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | 6.5 |
| 2019-10-08 | CVE-2018-21020 | Improper Input Validation vulnerability in Centreon web In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | 5.0 |