Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28055 | 1 Centreon | 1 Centreon | 2021-05-05 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user. | |||||
| CVE-2020-22425 | 1 Centreon | 1 Centreon | 2021-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | |||||
| CVE-2019-17642 | 1 Centreon | 1 Centreon | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin. | |||||
| CVE-2020-10945 | 1 Centreon | 2 Centreon, Widget-host-monitoring | 2020-08-03 | 3.3 LOW | 4.3 MEDIUM |
| Centreon before 19.10.7 exposes Session IDs in server responses. | |||||
| CVE-2020-13252 | 1 Centreon | 1 Centreon | 2020-05-21 | 9.0 HIGH | 8.8 HIGH |
| Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | |||||
| CVE-2019-19699 | 1 Centreon | 1 Centreon | 2020-04-06 | 9.0 HIGH | 7.2 HIGH |
| There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration. | |||||
| CVE-2019-19486 | 1 Centreon | 1 Centreon | 2020-03-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. | |||||
| CVE-2019-19487 | 1 Centreon | 1 Centreon | 2020-03-24 | 6.5 MEDIUM | 8.8 HIGH |
| Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | |||||
| CVE-2019-19484 | 1 Centreon | 1 Centreon | 2020-03-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect via parameter āpā in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | |||||
| CVE-2019-17647 | 1 Centreon | 1 Centreon | 2020-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. | |||||
| CVE-2020-9463 | 1 Centreon | 1 Centreon | 2020-03-03 | 9.0 HIGH | 8.8 HIGH |
| Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request. | |||||
| CVE-2019-17501 | 1 Centreon | 1 Centreon | 2019-12-18 | 9.0 HIGH | 8.8 HIGH |
| Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same. | |||||
| CVE-2019-16195 | 1 Centreon | 1 Centreon | 2019-12-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. | |||||
| CVE-2018-21024 | 1 Centreon | 1 Centreon | 2019-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. | |||||
| CVE-2019-16194 | 1 Centreon | 1 Centreon | 2019-09-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. | |||||
| CVE-2015-1561 | 1 Centreon | 1 Centreon | 2019-07-30 | 6.5 MEDIUM | N/A |
| The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter. | |||||
| CVE-2015-1560 | 1 Centreon | 1 Centreon | 2019-07-30 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. | |||||
| CVE-2018-19312 | 1 Centreon | 1 Centreon | 2019-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. | |||||
| CVE-2015-7672 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). | |||||
| CVE-2018-19311 | 1 Centreon | 1 Centreon | 2019-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | |||||