Centreon Web
by Centreon
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55573 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics. |
| CVE-2024-32501 | | | 0.00 | — | 0.04 | | Aug 23, 2024 | A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. |
| CVE-2024-39841 | | | 0.00 | — | 0.00 | | Aug 23, 2024 | A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. |
| CVE-2024-33854 | | | 0.00 | — | 0.00 | | Aug 23, 2024 | A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. |
| CVE-2024-33852 | | | 0.00 | — | 0.00 | | Aug 23, 2024 | A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. |
| CVE-2024-33853 | | | 0.00 | — | 0.00 | | Aug 23, 2024 | A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. |
| CVE-2018-21024 | | | 0.00 | — | 0.00 | | Oct 8, 2019 | licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. |
| CVE-2018-21023 | | | 0.00 | — | 0.02 | | Oct 8, 2019 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. |
| CVE-2018-21022 | | | 0.00 | — | 0.00 | | Oct 8, 2019 | makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. |
| CVE-2018-21021 | | | 0.00 | — | 0.00 | | Oct 8, 2019 | img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. |
| CVE-2018-19312 | | | 0.00 | — | 0.00 | | Nov 16, 2018 | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. |
| CVE-2018-19281 | | | 0.00 | — | 0.00 | | Nov 14, 2018 | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. |
| CVE-2018-19271 | | | 0.00 | — | 0.00 | | Nov 14, 2018 | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. |
| CVE-2018-11589 | | | 0.00 | — | 0.00 | | Jun 25, 2018 | Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in… |