Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
centreon centreon 3.4.6
centreon centreon 3.4.1