Centreon

Centreon

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2021-37556

Exploit
  • EPSS 34.33%
  • Veröffentlicht 03.08.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:15:24

A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGro...

8.8

CVE-2021-28053

  • EPSS 0.29%
  • Veröffentlicht 16.07.2021 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:59:02

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information param...

5.4

CVE-2021-28054

  • EPSS 0.05%
  • Veröffentlicht 16.07.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:59:02

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.

5.4

CVE-2021-27676

  • EPSS 0.05%
  • Veröffentlicht 26.05.2021 11:15:08
  • Zuletzt bearbeitet 21.11.2024 05:58:25

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration ...

6.5

CVE-2021-28055

  • EPSS 0.09%
  • Veröffentlicht 15.04.2021 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:59:03

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.

8.8

CVE-2020-22425

  • EPSS 2.68%
  • Veröffentlicht 15.02.2021 18:15:13
  • Zuletzt bearbeitet 21.11.2024 05:13:16

Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.

4.3

CVE-2020-10945

  • EPSS 0.04%
  • Veröffentlicht 27.05.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 04:56:25

Centreon before 19.10.7 exposes Session IDs in server responses.

9

CVE-2020-13252

Exploit
  • EPSS 3.62%
  • Veröffentlicht 21.05.2020 04:15:10
  • Zuletzt bearbeitet 21.11.2024 05:00:52

Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php ...

9

CVE-2019-19699

Exploit
  • EPSS 8.91%
  • Veröffentlicht 06.04.2020 16:15:13
  • Zuletzt bearbeitet 21.11.2024 04:35:13

There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executa...

8.8

CVE-2019-19487

  • EPSS 1.57%
  • Veröffentlicht 20.03.2020 03:15:13
  • Zuletzt bearbeitet 21.11.2024 04:34:49

Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.