
CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7101
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 1

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7099
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/issues/7098
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-312: Cleartext Storage of Sensitive Information

CVSS: 8.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7083
• https://github.com/centreon/centreon/pull/7271
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7087
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')