CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19312
https://notcve.org/view.php?id=CVE-2018-19312
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.24), permite una inyección SQL por medio del parámetro searchVM en el URI main.php?p=20408. • http://www.roothc.com.br/1349-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6257 https://github.com/centreon/centreon/pull/6628 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19311
https://notcve.org/view.php?id=CVE-2018-19311
Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0), permite un ataque de tipo XSS por medio del campo Service en el URI main.php?p=20201, como es demostrado mediante la pantalla "Monitoring ) Status Details ) Services". • http://www.roothc.com.br/1349-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://github.com/centreon/centreon/pull/6632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19280
https://notcve.org/view.php?id=CVE-2018-19280
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0), presenta una vulnerabilidad de tipo XSS por medio del nombre de recurso o una expresión macro de una macro de sondeo. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://github.com/centreon/centreon/pull/6626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19281
https://notcve.org/view.php?id=CVE-2018-19281
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.27), permite una Inyección SQL de la captura de SNMP. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.27.html https://github.com/centreon/centreon/pull/6627 https://github.com/centreon/centreon/pull/7069 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19271
https://notcve.org/view.php?id=CVE-2018-19271
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.28), permite una Inyección SQL por medio del archivo main.php en el parámetro searchH. • http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.28.html https://github.com/centreon/centreon/pull/6625 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •