CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19486
https://notcve.org/view.php?id=CVE-2019-19486
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test. Una Inclusión de Archivos Local en el archivo minPlayCommand.php en Centreon (versiones 19.04.4 y por debajo), permite a un atacante saltar rutas por medio de una prueba de plugin. • https://medium.com/%40mucomplex/undisclosed-cve-2019-19484-cve-2019-19486-cve-2019-19487-b46b97c930cd • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-19487
https://notcve.org/view.php?id=CVE-2019-19487
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. Una Inyección de Comandos en el archivo minPlayCommand.php en Centreon (versiones 19.04.4 y por debajo), permite a un atacante lograr una inyección de comandos por medio de una prueba de plugin. • https://medium.com/%40mucomplex/undisclosed-cve-2019-19484-cve-2019-19486-cve-2019-19487-b46b97c930cd • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17646
https://notcve.org/view.php?id=CVE-2019-17646
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=listByService. Se detectó un problema en Centreon versiones anteriores a 18.10.8, 19.04.5 y 19.10.2. Proporciona información confidencial por medio de una petición directa no autenticada para api/external.php? • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html https://github.com/centreon/centreon/pull/8021 • CWE-425: Direct Request ('Forced Browsing') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17647
https://notcve.org/view.php?id=CVE-2019-17647
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter. Se detectó un problema en Centreon versiones anteriores a 2.8.30, 18.10.8, 19.04.5 y 19.10.2. Se presenta una inyección SQL por medio del parámetro instance del archivo include/monitoring/status/Hosts/xml/hostXML.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html#centreon-web-18-10-8 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html#centreon-web-19-04-5 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html#centreon-web-19-10-2 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html https://documentation.centreon.com/docs/centreon/en/latest/ • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17642
https://notcve.org/view.php?id=CVE-2019-17642
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin. Se detectó un problema en Centreon versiones anteriores a 18.10.8, 19.10.1 y 19.04.2. Permite un ataque de tipo CSRF con una ejecución de comando remoto resultante por medio de metacaracteres de shell en una POST en el archivo centreon-autodiscovery-server/views/scan/ajax/call.php en el plugin Autodiscovery. • https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.10/centreon-auto-discovery-19.10.1.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-352: Cross-Site Request Forgery (CSRF) •