CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19281
https://notcve.org/view.php?id=CVE-2018-19281
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.27), permite una Inyección SQL de la captura de SNMP. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.27.html https://github.com/centreon/centreon/pull/6627 https://github.com/centreon/centreon/pull/7069 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2018-19271
https://notcve.org/view.php?id=CVE-2018-19271
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Centreon versiones 3.4.x (corregido en Centreon versión 18.10.0 y Centreon web versión 2.8.28), permite una Inyección SQL por medio del archivo main.php en el parámetro searchH. • http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.28.html https://github.com/centreon/centreon/pull/6625 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11589
https://notcve.org/view.php?id=CVE-2018-11589
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. Múltiples vulnerabilidades de inyección SQL en Centreon 3.4.6, incluyendo Centreon Web 2.8.23, permiten ataques mediante el parámetro searchU en viewLogs.php, el parámetro id en GetXmlHost.php, el parámetro chartId en ExportCSVServiceData.php, el parámetro searchCurve en listComponentTemplates.php o el parámetro host_id en makeXML_ListMetrics.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6250 https://github.com/centreon/centreon/pull/6251 https://github.com/centreon/centreon/pull/6255 https://github.com/centreon/centreon/pull/6256 https://github.com/centreon/centreon/pull/6257 https://github.com/centreon/centreon/releases • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 5%CPEs: 2EXPL: 0CVE-2018-11587
https://notcve.org/view.php?id=CVE-2018-11587
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Hay una ejecución remota de código en Centreon 3.4.6, incluyendo Centreon Web 2.8.23 mediante el valor RPN en el formulario Virtual Metric en centreonGraph.class.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6263 https://github.com/centreon/centreon/releases • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11588
https://notcve.org/view.php?id=CVE-2018-11588
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. Centreon 3.4.6 incluyendo Centreon Web 2.8.23 es vulnerable a que un usuario autenticado inyecte una carga útil en la descripción del nombre de usuario o del comando, lo que resulta en Cross-Site Scripting (XSS) persistente. Esto está relacionado con www/include/core/menu/menu.php y www/include/configuration/configObject/command/formArguments.php. • https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6259 https://github.com/centreon/centreon/pull/6260 https://github.com/centreon/centreon/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •