CVE-2018-21023
https://notcve.org/view.php?id=CVE-2018-21023
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7083
• https://github.com/centreon/centreon/pull/7271
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2018-21022
https://notcve.org/view.php?id=CVE-2018-21022
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7087
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-21021
https://notcve.org/view.php?id=CVE-2018-21021
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7086
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-21020
https://notcve.org/view.php?id=CVE-2018-21020
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
• http://www.openwall.com/lists/oss-security/2019/10/09/2
• https://github.com/centreon/centreon/pull/7084
• https://www.openwall.com/lists/oss-security/2019/10/08/1
• CWE-20: Improper Input Validation
CVE-2018-11589
https://notcve.org/view.php?id=CVE-2018-11589
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
• https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
• https://github.com/centreon/centreon/pull/6250
• https://github.com/centreon/centreon/pull/6251
• https://github.com/centreon/centreon/pull/6255
• https://github.com/centreon/centreon/pull/6256
• https://github.com/centreon/centreon/pull/6257
• https://github.com/centreon/centreon/releases
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')