CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19280
https://notcve.org/view.php?id=CVE-2018-19280
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0), presenta una vulnerabilidad de tipo XSS por medio del nombre de recurso o una expresión macro de una macro de sondeo. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://github.com/centreon/centreon/pull/6626 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19281
https://notcve.org/view.php?id=CVE-2018-19281
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.27), permite una Inyección SQL de la captura de SNMP. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.27.html https://github.com/centreon/centreon/pull/6627 https://github.com/centreon/centreon/pull/7069 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19271
https://notcve.org/view.php?id=CVE-2018-19271
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.28), permite una Inyección SQL por medio del archivo main.php en el parámetro searchH. • http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.28.html https://github.com/centreon/centreon/pull/6625 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11589
https://notcve.org/view.php?id=CVE-2018-11589
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. Múltiples vulnerabilidades de inyección SQL en Centreon 3.4.6, incluyendo Centreon Web 2.8.23, permiten ataques mediante el parámetro searchU en viewLogs.php, el parámetro id en GetXmlHost.php, el parámetro chartId en ExportCSVServiceData.php, el parámetro searchCurve en listComponentTemplates.php o el parámetro host_id en makeXML_ListMetrics.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6250 https://github.com/centreon/centreon/pull/6251 https://github.com/centreon/centreon/pull/6255 https://github.com/centreon/centreon/pull/6256 https://github.com/centreon/centreon/pull/6257 https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2018-11587
https://notcve.org/view.php?id=CVE-2018-11587
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Hay una ejecución remota de código en Centreon 3.4.6, incluyendo Centreon Web 2.8.23 mediante el valor RPN en el formulario Virtual Metric en centreonGraph.class.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6263 https://github.com/centreon/centreon/releases • CWE-94: Improper Control of Generation of Code ('Code Injection') •