Vulnerabilities > Centreon > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-16 | CVE-2018-19312 | SQL Injection vulnerability in Centreon 3.4.0/3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | 6.5 |
2018-11-14 | CVE-2018-19280 | Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. | 4.3 |
2018-11-14 | CVE-2018-19271 | SQL Injection vulnerability in Centreon 3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. | 6.5 |
2015-07-14 | CVE-2015-1561 | Command Injection vulnerability in Centreon The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | 6.5 |
2008-03-06 | CVE-2008-1179 | Cross-Site Scripting vulnerability in Centreon Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. | 4.3 |
2008-03-06 | CVE-2008-1178 | Path Traversal vulnerability in Centreon Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. | 4.3 |
2008-03-03 | CVE-2008-1119 | Path Traversal vulnerability in Centreon Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |