VYPR
Vendor: Centreon

Products: 2
CVEs: 117
Across products: 119
Status: Private

Recent CVEs (117)
  • CVE-2025-8432 | High | Oct 27, 2025
    risk 0.55 | cvss 8.4 | epss 0.00

    Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server. This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from…

  • CVE-2024-45757 | High | Dec 3, 2024
    risk 0.47 | cvss 7.2 | epss 0.00

    An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.

  • CVE-2024-45756 | High | Nov 25, 2024
    risk 0.47 | cvss 7.2 | epss 0.00

    An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to…

  • CVE-2025-3767 | High | Apr 22, 2025
    risk 0.40 | cvss 7.2 | epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection. This page is only accessible to authenticated users with high privileges. This issue affects Centreon BAM:…

  • CVE-2024-45755 | High | Nov 25, 2024
    risk 0.40 | cvss 7.2 | epss 0.00

    An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only…

  • CVE-2024-45754 | High | Oct 11, 2024
    risk 0.40 | cvss 7.2 | epss 0.00

    An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only…

  • CVE-2024-47863 | Medium | Nov 22, 2024
    risk 0.33 | cvss 6.2 | epss 0.01

    An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is only accessible to…

  • CVE-2015-7672 | Medium | Sep 7, 2017
    risk 0.28 | cvss 5.4 | epss 0.01

    Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27).

  • CVE-2025-5946 | Oct 14, 2025
    risk 0.06 | cvss (none shown) | epss 0.14

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection. On the poller parameters page, a user with high privilege is able…

  • CVE-2024-5723 | Aug 21, 2024
    risk 0.06 | cvss (none shown) | epss 0.41

    Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within…

  • CVE-2019-19699 | Apr 6, 2020
    risk 0.06 | cvss (none shown) | epss 0.27

    There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. This allows the apache user to modify an executable file executed by root at…

  • CVE-2019-13024 | Jul 1, 2019
    risk 0.06 | cvss (none shown) | epss 0.32

    Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert an arbitrary command into the database, and execute it…

  • CVE-2022-42425 | Mar 29, 2023
    risk 0.05 | cvss (none shown) | epss 0.76

    This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results…

  • CVE-2022-42428 | Mar 29, 2023
    risk 0.05 | cvss (none shown) | epss 0.03

    This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results…

  • CVE-2022-42424 | Mar 29, 2023
    risk 0.05 | cvss (none shown) | epss 0.76

    This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results…

  • CVE-2022-42426 | Mar 29, 2023
    risk 0.05 | cvss (none shown) | epss 0.03

    This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results…

  • CVE-2022-42427 | Mar 29, 2023
    risk 0.05 | cvss (none shown) | epss 0.76

    This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper…

  • CVE-2022-42429 | Mar 29, 2023
    risk 0.05 | cvss (none shown) | epss 0.78

    This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results…

  • CVE-2024-5725 | Aug 21, 2024
    risk 0.04 | cvss (none shown) | epss 0.48

    Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…

  • CVE-2008-1119 | Mar 3, 2008
    risk 0.04 | cvss (none shown) | epss 0.08

    Directory traversal vulnerability in include/doc/get_image.php in Centreon 1.4.2.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter.