CVE-2024-0637
- EPSS 78.71%
- Published 01.04.2024 22:15:11
- Last modified 07.08.2025 17:21:34
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The spe...
CVE-2021-26804
- EPSS 0.27%
- Published 04.05.2021 17:15:07
- Last modified 21.11.2024 05:56:50
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the applicati...
CVE-2019-15299
- EPSS 0.06%
- Published 24.02.2020 13:15:11
- Last modified 21.11.2024 04:28:24
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentica...
CVE-2019-15300
- EPSS 0.27%
- Published 27.11.2019 14:15:11
- Last modified 21.11.2024 04:28:24
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query.
CVE-2019-15298
- EPSS 8.51%
- Published 27.11.2019 14:15:11
- Last modified 21.11.2024 04:28:24
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mib...
CVE-2019-16406
- EPSS 0.04%
- Published 21.11.2019 18:15:11
- Last modified 21.11.2024 04:30:39
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron...
- EPSS 8.56%
- Published 21.11.2019 18:15:11
- Last modified 21.11.2024 04:30:38
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to...
CVE-2019-17105
- EPSS 0.06%
- Published 08.10.2019 15:15:11
- Last modified 21.11.2024 04:31:42
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
CVE-2019-17108
- EPSS 0.09%
- Published 08.10.2019 13:15:15
- Last modified 21.11.2024 04:31:42
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVE-2019-17107
- EPSS 1.61%
- Published 08.10.2019 13:15:15
- Last modified 21.11.2024 04:31:42
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.