CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-16195
https://notcve.org/view.php?id=CVE-2019-16195
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. Centreon versiones anteriores a la versión 2.8.30, versiones 18.x anteriores a 18.10.8 y versiones 19.x anteriores a 19.04.5, permite un ataque de tipo XSS por medio de un alias myAccount y campos de nombre. • https://github.com/centreon/centreon/pull/7876 https://github.com/centreon/centreon/pull/7877 https://github.com/centreon/centreon/releases/tag/18.10.8 https://github.com/centreon/centreon/releases/tag/19.04.5 https://github.com/centreon/centreon/releases/tag/2.8.30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21024
https://notcve.org/view.php?id=CVE-2018-21024
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request. El archivo licenseUpload.php en Centreon Web versiones anteriores a 2.8.27, permite a atacantes cargar archivos arbitrarios por medio de una petición POST. • http://www.openwall.com/lists/oss-security/2019/10/09/2 https://github.com/centreon/centreon/pull/7085 https://www.openwall.com/lists/oss-security/2019/10/08/1 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16194
https://notcve.org/view.php?id=CVE-2019-16194
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. Unas vulnerabilidades de inyección SQL en Centreon versiones hasta 19.04, permiten ataques por medio del parámetro svc_id en el archivo include/tracking/status/Services/xml/makeXMLForOneService.php. • https://github.com/centreon/centreon/pull/7862 https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7672
https://notcve.org/view.php?id=CVE-2015-7672
Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). Una vulnerabilidad de tipo cross-site scripting (XSS) en Centreon versión 2.6.1 (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.27). • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.27.html https://github.com/centreon/centreon/pull/6637 https://github.com/centreon/centreon/pull/6953 https://www.youtube.com/watch?v=sIONzwQAngU • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-1560 – Centreon 2.5.4 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2015-1560
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. Una vulnerabilidad de inyección SQL en la función isUserAdmin en el archivo include/common/common-Func.php en Centreon (anteriormente Merethis Centreon) versiones 2.5.4 y anteriores (corregido en Centreon web versión 2.7.0) , permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro sid en el archivo include/common/XmlTree/GetXmlTree.php. Merethis Centreon versions 2.5.4 and below suffer from remote SQL injection and command execution vulnerabilities. • https://www.exploit-db.com/exploits/37528 http://packetstormsecurity.com/files/132607/Merethis-Centreon-2.5.4-SQL-Injection-Remote-Command-Execution.html http://www.securityfocus.com/archive/1/535961/100/0/threaded https://forge.centreon.com/projects/centreon/repository/revisions/d14f213b9c60de1bad0b464fd6403c828cf12582 https://github.com/centreon/centreon/commit/668a928f34dc0f67723d3db138c042eb7f979f28#diff-f69d4a3d3d177d024c22419357c1f4f4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •