CVE-2024-33852
https://notcve.org/view.php?id=CVE-2024-33852
23 Aug 2024 — A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-33853
https://notcve.org/view.php?id=CVE-2024-33853
23 Aug 2024 — A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-33854
https://notcve.org/view.php?id=CVE-2024-33854
23 Aug 2024 — A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-39841 – Centreon testServiceExistence SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-39841
15 Jul 2024 — A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the testServiceExistence function. The issue results from the lack of proper validation of a user-supplied string b... • https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-26804
https://notcve.org/view.php?id=CVE-2021-26804
04 May 2021 — Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. • https://medium.com/%40pedro.ferreira.phf/vulnerability-affecting-some-versions-of-centreon-2b34bd6dc621 • CWE-276: Incorrect Default Permissions •
CVE-2019-15299
https://notcve.org/view.php?id=CVE-2019-15299
24 Feb 2020 — An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html • CWE-287: Improper Authentication •
CVE-2019-15298
https://notcve.org/view.php?id=CVE-2019-15298
27 Nov 2019 — A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2019-15300
https://notcve.org/view.php?id=CVE-2019-15300
27 Nov 2019 — A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2019-16406
https://notcve.org/view.php?id=CVE-2019-16406
21 Nov 2019 — Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. • https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2019-16405 – Centreon 19.04 - Authenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-16405
21 Nov 2019 — Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. • https://www.exploit-db.com/exploits/47948 •