Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon centreon web vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote malicious users to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Centreon Centreon Web 19.10.18
Centreon Centreon Web 20.04.8
Centreon Centreon Web 20.10.2
668
VMScore
CVE-2018-11587
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
312
VMScore
CVE-2018-11588
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArgu...
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
668
VMScore
CVE-2018-11589
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplat...
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
578
VMScore
CVE-2019-15300
A problem was found in Centreon Web up to and including 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
Centreon Centreon Web
578
VMScore
CVE-2019-15298
A problem was found in Centreon Web up to and including 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management featu...
Centreon Centreon Web
578
VMScore
CVE-2019-15299
An issue exists in Centreon Web up to and including 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication.
Centreon Centreon Web
578
VMScore
CVE-2018-21021
img_gantt.php in Centreon Web prior to 2.8.27 allows malicious users to perform SQL injections via the host_id parameter.
Centreon Centreon Web
445
VMScore
CVE-2019-17105
The token generator in index.php in Centreon Web prior to 2.8.27 is predictable.
Centreon Centreon Web
356
VMScore
CVE-2019-17106
In Centreon Web up to and including 2.8.29, disclosure of external components' passwords allows authenticated malicious users to move laterally to external components.
Centreon Centreon Web
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »