Latest centreon centreon web Vulnerabilities

CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administra...
Centreon Centreon Web=19.10.18
Centreon Centreon Web=20.04.8
Centreon Centreon Web=20.10.2
CVE-2019-15299
Centreon Centreon Web<=19.04.3
CVE-2019-15300
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly ...
Centreon Centreon Web>=2.8.1<2.8.30
Centreon Centreon Web>=19.04.0<19.04.5
Centreon Centreon Web>=19.10.0<19.10.2
CVE-2019-15298
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the ...
Centreon Centreon Web>=2.8.1<2.8.30
Centreon Centreon Web>=18.10.0<18.10.8
Centreon Centreon Web>=19.04.0<19.04.5
Centreon Centreon Web>=19.10.0<19.10.2
CVE-2019-16406
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon-...
Centreon Centreon Web=19.04.4
CVE-2019-16405
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings...
Centreon Centreon Web<2.8.30
Centreon Centreon Web>=18.10.0<18.10.8
Centreon Centreon Web>=19.04.0<19.04.5
Centreon Centreon Web>=19.10.0<19.10.2
CVE-2019-17105
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
Centreon Centreon Web>=2.8<2.8.27
Centreon Centreon Web>=18.10.0<18.10.5
CVE-2019-17108
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
Centreon Centreon Web>=2.8<2.8.28
Centreon Centreon Web>=18.10.0<18.10.5
CVE-2019-17106
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
Centreon Centreon Web<=2.8.29
CVE-2019-17107
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this,...
Centreon Centreon Web>=2.8<2.8.27
Centreon Centreon Web>=18.10.0<18.10.4
CVE-2018-21021
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
Centreon Centreon Web<2.8.27
CVE-2018-21023
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
Centreon Centreon Web>=2.8<2.8.28
Centreon Centreon Web>=18.10.0<18.10.5
CVE-2018-21020
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
Centreon Centreon Web<2.8.27
CVE-2018-21022
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
Centreon Centreon Web<2.8.28
CVE-2018-11589
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId paramete...
Centreon Centreon=3.4.6
Centreon Centreon Web=2.8.23
CVE-2018-11588
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/includ...
Centreon Centreon=3.4.6
Centreon Centreon Web=2.8.23

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203