Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon web vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote malicious users to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Centreon Centreon Web 19.10.18
Centreon Centreon Web 20.04.8
Centreon Centreon Web 20.10.2
9.8
CVSSv3
CVE-2018-11587
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
5.4
CVSSv3
CVE-2018-11588
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArgu...
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
9.8
CVSSv3
CVE-2018-11589
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplat...
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
8.8
CVSSv3
CVE-2019-15299
An issue exists in Centreon Web up to and including 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.
Centreon Centreon Web
6.5
CVSSv3
CVE-2019-17106
In Centreon Web up to and including 2.8.29, disclosure of external components' passwords allows authenticated malicious users to move laterally to external components.
Centreon Centreon Web
8.8
CVSSv3
CVE-2018-21022
makeXML_ListServices.php in Centreon Web prior to 2.8.28 allows malicious users to perform SQL injections via the host_id parameter.
Centreon Centreon Web
8.8
CVSSv3
CVE-2018-21023
getStats.php in Centreon Web prior to 2.8.28 allows authenticated malicious users to execute arbitrary code via the ns_id parameter.
Centreon Centreon Web
8.8
CVSSv3
CVE-2019-15298
A problem was found in Centreon Web up to and including 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management featu...
Centreon Centreon Web
8.8
CVSSv3
CVE-2019-15300
A problem was found in Centreon Web up to and including 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
Centreon Centreon Web
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »