Centreon

centreon

Vendor: Centreon • 59 CVEs

CVEs (59)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-17501 1Centreon 1Centreon Nov 21, 2024 Oct 14, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar...Show more Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same.Show less
CVE-2018-21024 1Centreon 1Centreon Nov 21, 2024 Oct 8, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
CVE-2019-16194 1Centreon 1Centreon Nov 21, 2024 Sep 25, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.
CVE-2019-13024 1Centreon 1Centreon Nov 21, 2024 Jul 1, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to in...Show more Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).Show less
CVE-2018-19312 1Centreon 1Centreon Nov 21, 2024 Nov 16, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19311 1Centreon 1Centreon Nov 21, 2024 Nov 16, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19281 1Centreon 1Centreon Nov 21, 2024 Nov 14, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
CVE-2018-19280 1Centreon 1Centreon Nov 21, 2024 Nov 14, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19271 1Centreon 1Centreon Nov 21, 2024 Nov 14, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
CVE-2018-11589 1Centreon 2Centreon Centreon Web Nov 21, 2024 Jun 25, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServic...Show more Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.Show less
CVE-2018-11588 1Centreon 2Centreon Centreon Web Nov 21, 2024 Jun 25, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php...Show more Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.Show less
CVE-2018-11587 1Centreon 2Centreon Centreon Web Nov 21, 2024 Jun 25, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
CVE-2015-7672 1Centreon 1Centreon May 13, 2026 Sep 7, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).
CVE-2015-1561 1Centreon 1Centreon May 6, 2026 Jul 14, 2015 N/A· v4 N/A· v3 6.5 MEDIUM· v2 The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows...Show more The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.Show less
CVE-2015-1560 1Centreon 1Centreon May 6, 2026 Jul 14, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitr...Show more SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.Show less
CVE-2008-1179 1Centreon 1Centreon Apr 23, 2026 Mar 6, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) tit...Show more Multiple cross-site scripting (XSS) vulnerabilities in include/common/javascript/color_picker.php in Centreon 1.4.2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) title parameters. NOTE: some of these details are obtained from third party information.Show less
CVE-2008-1178 1Centreon 1Centreon Apr 23, 2026 Mar 6, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Directory traversal vulnerability in include/doc/index.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2008-1119.
CVE-2008-1119 1Centreon 1Centreon Apr 23, 2026 Mar 3, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.
CVE-2007-6485 1Centreon 1Centreon Apr 23, 2026 Dec 20, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusC...Show more Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.Show less

Previous 1 23