Vulnerabilities > Centreon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-08 | CVE-2018-21021 | SQL Injection vulnerability in Centreon web img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | 8.8 |
| 2019-10-08 | CVE-2018-21020 | Improper Input Validation vulnerability in Centreon web In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | 7.5 |
| 2019-09-25 | CVE-2019-16194 | SQL Injection vulnerability in Centreon SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | 9.8 |
| 2019-07-01 | CVE-2019-13024 | Command Injection vulnerability in Centreon 19.04.0 Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands). | 8.8 |
| 2018-11-16 | CVE-2018-19312 | SQL Injection vulnerability in Centreon 3.4.0/3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | 8.8 |
| 2018-11-16 | CVE-2018-19311 | Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | 5.4 |
| 2018-11-14 | CVE-2018-19281 | SQL Injection vulnerability in Centreon 3.4 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | 9.8 |
| 2018-11-14 | CVE-2018-19280 | Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | 6.1 |
| 2018-11-14 | CVE-2018-19271 | SQL Injection vulnerability in Centreon 3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. | 8.8 |
| 2018-06-25 | CVE-2018-11589 | SQL Injection vulnerability in Centreon and Centreon web Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | 9.8 |