Vulnerabilities (CVE)

Filtered by vendor Centreon Subscribe
Total 76 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-21020 1 Centreon 1 Centreon Web 2024-11-21 5.0 MEDIUM 7.5 HIGH
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
CVE-2018-19312 1 Centreon 1 Centreon 2024-11-21 6.5 MEDIUM 8.8 HIGH
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19311 1 Centreon 1 Centreon 2024-11-21 3.5 LOW 5.4 MEDIUM
Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19281 1 Centreon 1 Centreon 2024-11-21 7.5 HIGH 9.8 CRITICAL
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
CVE-2018-19280 1 Centreon 1 Centreon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19271 1 Centreon 1 Centreon 2024-11-21 6.5 MEDIUM 8.8 HIGH
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
CVE-2018-11589 1 Centreon 2 Centreon, Centreon Web 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
CVE-2018-11588 1 Centreon 2 Centreon, Centreon Web 2024-11-21 3.5 LOW 5.4 MEDIUM
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
CVE-2018-11587 1 Centreon 2 Centreon, Centreon Web 2024-11-21 7.5 HIGH 9.8 CRITICAL
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
CVE-2015-7672 1 Centreon 1 Centreon 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).
CVE-2015-1561 1 Centreon 1 Centreon 2024-11-21 6.5 MEDIUM N/A
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.
CVE-2015-1560 1 Centreon 1 Centreon 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.
CVE-2008-1179 1 Centreon 1 Centreon 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information.
CVE-2008-1178 1 Centreon 1 Centreon 2024-11-21 4.3 MEDIUM N/A
Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.
CVE-2008-1119 1 Centreon 1 Centreon 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
CVE-2007-6485 1 Centreon 1 Centreon 2024-11-21 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.