Product:

Centreon_web

(Centreon)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2019-10-08 CVE-2018-21020 In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. Centreon_web N/A
2019-10-08 CVE-2019-17106 In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. Centreon_web N/A
2019-10-08 CVE-2018-21022 makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. Centreon_web N/A
2019-10-08 CVE-2018-21021 img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. Centreon_web N/A
2018-06-25 CVE-2018-11589 Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. Centreon, Centreon_web 9.8
2018-06-25 CVE-2018-11588 Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. Centreon, Centreon_web 5.4
2018-06-25 CVE-2018-11587 There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Centreon, Centreon_web 9.8