Centreon

Centreon

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-3827

  • EPSS 0.36%
  • Veröffentlicht 02.11.2022 13:15:18
  • Zuletzt bearbeitet 21.11.2024 07:20:19

A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulation of the argument cg_id leads to sql injection. The...

5.4

CVE-2022-39988

Exploit
  • EPSS 0.18%
  • Veröffentlicht 06.10.2022 18:16:19
  • Zuletzt bearbeitet 21.11.2024 07:18:36

A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias parameter.

5.4

CVE-2022-40044

Exploit
  • EPSS 0.16%
  • Veröffentlicht 26.09.2022 16:15:14
  • Zuletzt bearbeitet 21.05.2025 16:15:29

Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability allows attackers to execute arbitrary web scripts or H...

8.8

CVE-2022-40043

Exploit
  • EPSS 0.78%
  • Veröffentlicht 26.09.2022 16:15:13
  • Zuletzt bearbeitet 21.05.2025 16:15:29

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.

5.4

CVE-2022-36194

Exploit
  • EPSS 0.16%
  • Veröffentlicht 29.08.2022 06:15:09
  • Zuletzt bearbeitet 21.11.2024 07:12:34

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.

6.5

CVE-2022-34872

  • EPSS 0.47%
  • Veröffentlicht 03.08.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 07:10:20

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue...

7.2

CVE-2022-34871

  • EPSS 3.66%
  • Veröffentlicht 03.08.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 07:10:20

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue result...

9

CVE-2020-22345

Exploit
  • EPSS 20.17%
  • Veröffentlicht 18.08.2021 21:15:06
  • Zuletzt bearbeitet 21.11.2024 05:13:15

/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.

9.8

CVE-2021-37558

Exploit
  • EPSS 2.06%
  • Veröffentlicht 03.08.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:15:24

A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters. The vulnerability ca...

8.8

CVE-2021-37557

Exploit
  • EPSS 34.33%
  • Veröffentlicht 03.08.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:15:24

A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage...