Vulnerabilities > Centreon > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-03 | CVE-2023-51633 | Cross-site Scripting vulnerability in Centreon web Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. | 9.6 |
| 2022-11-02 | CVE-2022-3827 | Unspecified vulnerability in Centreon A vulnerability was found in centreon. | 9.8 |
| 2021-08-03 | CVE-2021-37558 | SQL Injection vulnerability in Centreon A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. | 9.8 |
| 2020-03-05 | CVE-2019-17647 | SQL Injection vulnerability in Centreon An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. | 9.8 |
| 2019-10-08 | CVE-2018-21024 | Unrestricted Upload of File with Dangerous Type vulnerability in Centreon licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | 9.8 |
| 2019-10-08 | CVE-2018-21025 | Improper Privilege Management vulnerability in Centreon VM 19.04.2/19.04.3 In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files. | 9.8 |
| 2019-09-25 | CVE-2019-16194 | SQL Injection vulnerability in Centreon SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | 9.8 |
| 2018-11-14 | CVE-2018-19281 | SQL Injection vulnerability in Centreon 3.4 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. | 9.8 |
| 2018-06-25 | CVE-2018-11589 | SQL Injection vulnerability in Centreon and Centreon web Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. | 9.8 |
| 2018-06-25 | CVE-2018-11587 | Code Injection vulnerability in Centreon and Centreon web There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. | 9.8 |