Vulnerabilities > Centreon
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2015-7672 | Cross-site Scripting vulnerability in Centreon 2.6.1 Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). | 3.5 |
| 2015-07-14 | CVE-2015-1561 | Command Injection vulnerability in Centreon The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | 6.5 |
| 2015-07-14 | CVE-2015-1560 | SQL Injection vulnerability in Centreon SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. | 7.5 |
| 2008-03-06 | CVE-2008-1179 | Cross-Site Scripting vulnerability in Centreon Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. | 4.3 |
| 2008-03-06 | CVE-2008-1178 | Path Traversal vulnerability in Centreon Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. | 4.3 |
| 2008-03-03 | CVE-2008-1119 | Path Traversal vulnerability in Centreon Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2007-12-20 | CVE-2007-6485 | Code Injection vulnerability in Centreon 1.4.1 Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/. | 7.5 |