Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-16195
Centreon prior to 2.8.30, 18.x prior to 18.10.8, and 19.x prior to 19.04.5 allows XSS via myAccount alias and name fields.
Centreon Centreon
8.8
CVSSv3
CVE-2019-17642
An issue exists in Centreon prior to 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin.
Centreon Centreon
7.5
CVSSv3
CVE-2019-17643
An issue exists in Centreon prior to 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php.
Centreon Centreon
7.5
CVSSv3
CVE-2019-17644
An issue exists in Centreon prior to 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php.
Centreon Centreon
9.8
CVSSv3
CVE-2018-21024
licenseUpload.php in Centreon Web prior to 2.8.27 allows malicious users to upload arbitrary files via a POST request.
Centreon Centreon
NA
CVE-2015-1560
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and previous versions (fixed in Centreon web 2.7.0) allows remote malicious users to execute arbitrary SQL commands via the sid parameter to in...
Centreon Centreon
1 EDB exploit
3 Github repositories
8.8
CVSSv3
CVE-2018-21021
img_gantt.php in Centreon Web prior to 2.8.27 allows malicious users to perform SQL injections via the host_id parameter.
Centreon Centreon Web
5.4
CVSSv3
CVE-2022-36194
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.
Centreon Centreon 22.04.0
NA
CVE-2007-6485
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote malicious users to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
Centreon Centreon 1.4.1
1 EDB exploit
5.3
CVSSv3
CVE-2019-17105
The token generator in index.php in Centreon Web prior to 2.8.27 is predictable.
Centreon Centreon Web
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »