CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21021
https://notcve.org/view.php?id=CVE-2018-21021
08 Oct 2019 — img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. El archivo img_gantt.php en Centreon Web versiones anteriores a 2.8.27, permite a atacantes realizar inyecciones SQL por medio del parámetro host_id. • http://www.openwall.com/lists/oss-security/2019/10/09/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21020
https://notcve.org/view.php?id=CVE-2018-21020
08 Oct 2019 — In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. En casos muy raros, una vulnerabilidad de tipo juggling de PHP en el archivo centreonAuth.class.php en Centreon Web versiones anteriores a 2.8.27, permite a atacantes omitir los mecanismos de autenticación establecidos. • http://www.openwall.com/lists/oss-security/2019/10/09/2 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11589
https://notcve.org/view.php?id=CVE-2018-11589
25 Jun 2018 — Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. Múltiples vulnerabilidades de inyección SQL en Centreon 3.4.6, incluyendo Centreon Web 2.8.23, permiten ataques mediante el parámetro searchU en viewLogs.php, el parámetro... • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2018-11587
https://notcve.org/view.php?id=CVE-2018-11587
25 Jun 2018 — There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Hay una ejecución remota de código en Centreon 3.4.6, incluyendo Centreon Web 2.8.23 mediante el valor RPN en el formulario Virtual Metric en centreonGraph.class.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11588
https://notcve.org/view.php?id=CVE-2018-11588
25 Jun 2018 — Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. Centreon 3.4.6 incluyendo Centreon Web 2.8.23 es vulnerable a que un usuario autenticado inyecte una carga útil en la descripción del nombre de usuario o del comando, lo que resulta en Cross-Site Scripting (XSS) persisten... • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •