CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3827 – centreon Contact Groups Form formContactGroup.php sql injection
https://notcve.org/view.php?id=CVE-2022-3827
02 Nov 2022 — A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The attack can be initiated remotely. • https://github.com/centreon/centreon/commit/293b10628f7d9f83c6c82c78cf637cbe9b907369 • CWE-707: Improper Neutralization •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42424 – Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42424
07 Oct 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1395 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42425 – Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42425
07 Oct 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1396 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42426 – Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42426
07 Oct 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1397 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42427 – Centreon Contact Group SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42427
07 Oct 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1398 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42428 – Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42428
07 Oct 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1399 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-42429 – Centreon Poller Broker SQL Injection Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-42429
07 Oct 2022 — This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. • https://www.zerodayinitiative.com/advisories/ZDI-22-1394 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-39988 – Centreon 22.04.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-39988
01 Oct 2022 — A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter. Una vulnerabilidad de tipo cross-site scripting (XSS) en Centreon versión 22.04.0, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el parámetro Service)Templates service_alias Centreon version 22.04.0 suffers from a persistent cross site scripting... • http://packetstormsecurity.com/files/168585/Centreon-22.04.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-36194 – Centreon 22.04.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-36194
25 Aug 2022 — Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. Centreon versión 22.04.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) desde la función Pollers ) Broker Configuration al añadir una carga útil diseñada en el parámetro name Centreon version 22.04.0 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/168149/Centreon-22.04.0-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •