Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Centreon_web
(Centreon)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-05-04 | CVE-2021-26804 | Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application. | Centreon_web | 6.5 | ||
| 2019-11-21 | CVE-2019-16405 | Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same. | Centreon_web | 7.2 | ||
| 2019-10-08 | CVE-2019-17107 | minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect. | Centreon_web | 8.8 | ||
| 2019-11-21 | CVE-2019-16406 | Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-autodisco executable file that is launched by cron. | Centreon_web | N/A | ||
| 2020-02-24 | CVE-2019-15299 | An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. This makes it possible to partially bypass authentication. | Centreon_web | N/A | ||
| 2019-11-27 | CVE-2019-15298 | A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr parameter is sent to the page and is not filtered properly. This allows one to inject Linux commands directly. | Centreon_web | N/A | ||
| 2019-11-27 | CVE-2019-15300 | A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly filtered before being passed to the SQL query. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2019-17108 | Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2019-17105 | The token generator in index.php in Centreon Web before 2.8.27 is predictable. | Centreon_web | N/A | ||
| 2019-10-08 | CVE-2018-21023 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | Centreon_web | N/A |