Vulnerabilities > Centreon > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-03 CVE-2021-37556 SQL Injection vulnerability in Centreon
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
network
low complexity
centreon CWE-89
8.8
8.8
2021-08-03 CVE-2021-37557 SQL Injection vulnerability in Centreon
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
network
low complexity
centreon CWE-89
8.8
8.8
2021-07-16 CVE-2021-28053 SQL Injection vulnerability in Centreon 20.10.0
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0.
network
low complexity
centreon CWE-89
8.8
8.8
2021-02-15 CVE-2020-22425 SQL Injection vulnerability in Centreon 19.10
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
network
low complexity
centreon CWE-89
8.8
8.8
2020-05-21 CVE-2020-13252 OS Command Injection vulnerability in Centreon
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.
network
low complexity
centreon CWE-78
8.8
8.8
2020-04-06 CVE-2019-19699 Improper Privilege Management vulnerability in Centreon
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day.
network
low complexity
centreon CWE-269
7.2
7.2
2020-03-20 CVE-2019-19487 OS Command Injection vulnerability in Centreon
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.
network
low complexity
centreon CWE-78
8.8
8.8
2020-03-05 CVE-2019-17646 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2.
network
low complexity
centreon CWE-425
7.5
7.5
2020-03-05 CVE-2019-17645 Forced Browsing vulnerability in Centreon
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3.
network
low complexity
centreon CWE-425
7.5
7.5
2020-03-05 CVE-2019-17642 OS Command Injection vulnerability in Centreon
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2.
network
low complexity
centreon CWE-78
8.8
8.8