Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
centreon web vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote malicious users to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Centreon Centreon Web 19.10.18
Centreon Centreon Web 20.04.8
Centreon Centreon Web 20.10.2
9.8
CVSSv3
CVE-2018-11587
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
5.4
CVSSv3
CVE-2018-11588
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArgu...
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
9.8
CVSSv3
CVE-2018-11589
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplat...
Centreon Centreon Web 2.8.23
Centreon Centreon 3.4.6
7.5
CVSSv3
CVE-2018-21020
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web prior to 2.8.27 allows malicious users to bypass authentication mechanisms in place.
Centreon Centreon Web
6.1
CVSSv3
CVE-2019-17108
Local file inclusion in brokerPerformance.php in Centreon Web prior to 2.8.28 allows malicious users to disclose information or perform a stored XSS attack on a user.
Centreon Centreon Web
8.8
CVSSv3
CVE-2019-15298
A problem was found in Centreon Web up to and including 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management featu...
Centreon Centreon Web
8.8
CVSSv3
CVE-2019-15300
A problem was found in Centreon Web up to and including 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
Centreon Centreon Web
7.2
CVSSv3
CVE-2019-16405
Centreon Web prior to 2.8.30, 18.10.x prior to 18.10.8, 19.04.x prior to 19.04.5 and 19.10.x prior to 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may b...
Centreon Centreon Web
5.3
CVSSv3
CVE-2019-17105
The token generator in index.php in Centreon Web prior to 2.8.27 is predictable.
Centreon Centreon Web
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »