Vulnerabilities > Centreon > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-41142 | SQL Injection vulnerability in Centreon 22.04.2 This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. | 8.8 |
| 2022-09-26 | CVE-2022-40043 | SQL Injection vulnerability in Centreon 20.10.18 Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | 8.8 |
| 2021-08-03 | CVE-2021-37558 | SQL Injection vulnerability in Centreon A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. | 7.5 |
| 2021-02-15 | CVE-2020-22425 | SQL Injection vulnerability in Centreon 19.10 Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | 8.8 |
| 2020-03-20 | CVE-2019-19487 | OS Command Injection vulnerability in Centreon Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | 8.8 |
| 2020-03-05 | CVE-2019-17647 | SQL Injection vulnerability in Centreon An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. | 7.5 |
| 2020-01-16 | CVE-2019-20327 | Improper Privilege Management vulnerability in Centreon Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. | 7.2 |
| 2019-11-21 | CVE-2019-16406 | Incorrect Permission Assignment for Critical Resource vulnerability in Centreon web 19.04.4 Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | 7.2 |
| 2019-10-08 | CVE-2018-21024 | Unrestricted Upload of File with Dangerous Type vulnerability in Centreon licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | 7.5 |
| 2019-09-25 | CVE-2019-16194 | SQL Injection vulnerability in Centreon SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | 7.5 |