Critical
CVE-2026-2750
Improper Input Validation vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centreon Open Tickets modules).This issue affects Centreon Open Tickets on Central Server: from a…
Tag: Centreon
All CVEs associated with "Centreon". Page 1/2 • 137 CVEs.
About “Centreon”
A curated feed of “Centreon”-related CVEs appears below. We currently track 137 CVEs for this tag (all time). In the last 365 days, 25 were published. Average CVSS is 7.7 (all time; 7.5 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').
In our taxonomy this topic maps to a LOW impact class. Logging and monitoring stacks may expose dashboards or collectors. Patch services, enforce auth and TLS, restrict admin endpoints, rotate tokens, and review data retention. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: centreon
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Extended Support | EOL | LTS |
|---|---|---|---|---|---|
| 25.10 | 25.10.12 | ||||
| 24.10 | 24.10.25 | ||||
| 24.04 | 24.04.26 | Expired | |||
| 23.10 | 23.10.29 | Expired | |||
| 23.04 | 23.04.30 | Expired | |||
| 22.10 | 22.10.31 | Expired | |||
| 22.04 | 22.04.22 | Expired | |||
| 21.10 | 21.10.17 | Expired | |||
| 21.04 | 21.04.20 | Expired | |||
| 20.10 | 20.10.18 | Expired | |||
| 20.04 | 20.04.20 | Expired | |||
| 19.10 | 19.10.23 | Expired | |||
| 19.04 | 19.04.20 | Expired | |||
| 18.10 | 18.10.12 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Centreon” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-02-27
Critical
CVE-2026-2749
Vulnerability in Centreon Centreon Open Tickets on Central Server on Linux (Centroen Open Ticket modules).This issue affects Centreon Open Tickets on Central Server: from all before 25.10.3, 24.10.8,…
High
CVE-2026-2751
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Inje…
2026-01-05
Critical
CVE-2025-15029
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user. Th…
Critical
CVE-2025-15026
Missing Authentication for Critical Function vulnerability in Centreon Infra Monitoring centreon-awie (Awie import module) allows Accessing Functionality Not Properly Constrained by ACLs. This issue…
Medium
CVE-2025-12513
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users wi…
Medium
CVE-2025-12511
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (DSM extenstio configuration modules) allows Stored XSS to use…
Medium
CVE-2025-13056
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored…
Medium
CVE-2025-12519
Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Informa…
High
CVE-2025-5965
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Inj…
2025-12-22
Medium
CVE-2025-8460
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS…
Medium
CVE-2025-54890
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with…
High
CVE-2025-12514
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open ticke…
2025-10-27
Medium
CVE-2025-10023
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users wi…
High
CVE-2025-8432
Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Mo…
2025-10-14
High
CVE-2025-8459
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored…
Medium
CVE-2025-8430
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS…
Medium
CVE-2025-8429
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS b…
Medium
CVE-2025-54893
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by…
Medium
CVE-2025-8428
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (HTTP Loader widget modules) allows Stored XSS.This issue affect…
High
CVE-2025-5946
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Comm…
Medium
CVE-2025-54892
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by…
Medium
CVE-2025-54891
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS…
Medium
CVE-2025-54889
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XS…
2025-08-22
High
CVE-2025-6791
In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQ…
2025-05-13
Medium
CVE-2025-4649
Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page r…
High
CVE-2025-4648
The content of a SVG file, received as input in Centreon web, was not properly checked. Allows Reflected XSS. A user with elevated privileges can inject JS script by altering the content of a SVG m…
High
CVE-2025-4647
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitizatio…
High
CVE-2025-4646
Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
2025-04-24
High
CVE-2025-3872
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. A user with high…
2025-04-22
High
CVE-2025-3767
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon BAM (Boolean KPi Listing modules) allows SQL Injection. This page is only accessible t…
2025-01-23
Critical
CVE-2024-55573
An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL in…
Critical
CVE-2024-53923
An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection…
2024-12-03
High
CVE-2024-45757
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-pr…
2024-11-25
High
CVE-2024-45756
An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can…
High
CVE-2024-45755
An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can o…
2024-11-22
Medium
CVE-2024-47863
An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the us…
2024-10-11
High
CVE-2024-45754
An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection c…
2024-09-23
Medium
CVE-2024-39843
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.
High
CVE-2024-39842
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.
2024-08-23
High
CVE-2024-39841
A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
Critical
CVE-2024-33854
A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
Critical
CVE-2024-33853
A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
Critical
CVE-2024-33852
A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
Critical
CVE-2024-32501
A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
2024-08-21
High
CVE-2024-5725
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is…
High
CVE-2024-5723
Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authenticatio…
2024-05-03
Critical
CVE-2023-51633
Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction…
2024-04-01
High
CVE-2024-23119
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authenticat…
High
CVE-2024-23118
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authe…
High
CVE-2024-23117
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Au…
High
CVE-2024-23116
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authenticatio…
High
CVE-2024-23115
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is…
High
CVE-2024-0637
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication…
2023-03-29
High
CVE-2022-42429
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
High
CVE-2022-42428
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
High
CVE-2022-42427
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
High
CVE-2022-42426
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
High
CVE-2022-42425
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
High
CVE-2022-42424
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
2023-01-26
High
CVE-2022-41142
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
2022-11-02
Medium
CVE-2022-3827
A vulnerability was found in centreon. It has been declared as critical. This vulnerability affects unknown code of the file formContactGroup.php of the component Contact Groups Form. The manipulatio…
2022-10-06
Medium
CVE-2022-39988
A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias paramet…
2022-09-26
Medium
CVE-2022-40044
Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. This vulnerability all…
High
CVE-2022-40043
Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations.
2022-08-29
Medium
CVE-2022-36194
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.
2022-08-03
Medium
CVE-2022-34872
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists…
High
CVE-2022-34871
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the…
2021-08-18
High
CVE-2020-22345
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
2021-08-03
Critical
CVE-2021-37558
A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and s…
High
CVE-2021-37557
A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via th…
High
CVE-2021-37556
A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via th…
2021-07-16
High
CVE-2021-28053
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrar…
Medium
CVE-2021-28054
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web sc…
2021-05-26
Medium
CVE-2021-27676
Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS…
2021-05-04
Medium
CVE-2021-26804
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administr…
2021-04-15
Medium
CVE-2021-28055
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
2021-02-15
High
CVE-2020-22425
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
2020-05-27
Medium
CVE-2020-13628
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in v…
Medium
CVE-2020-13627
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in…
Medium
CVE-2020-10946
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in vers…
Medium
CVE-2020-10945
Centreon before 19.10.7 exposes Session IDs in server responses.
2020-05-21
High
CVE-2020-13252
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include…
2020-04-06
High
CVE-2019-19699
There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguratio…
2020-03-20
High
CVE-2019-19487
Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test.
Medium
CVE-2019-19486
Local File Inclusion in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to traverse paths via a plugin test.
Medium
CVE-2019-19484
Open redirect via parameter ‘p’ in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior.
2020-03-05
Critical
CVE-2019-17647
An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter.
High
CVE-2019-17646
An issue was discovered in Centreon before 18.10.8, 19.04.5, and 19.10.2. It provides sensitive information via an unauthenticated direct request for api/external.php?object=centreon_metric&action=li…
High
CVE-2019-17645
An issue was discovered in Centreon before 2.8.31, 18.10.9, 19.04.6, and 19.10.3. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/servic…
High
CVE-2019-17642
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/vi…
2020-03-04
High
CVE-2019-17644
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2.. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/…
High
CVE-2019-17643
An issue was discovered in Centreon before 2.8-30,18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXM…
2020-02-28
High
CVE-2020-9463
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_rem…
2020-02-24
High
CVE-2019-15299
An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database becomes blank when it should be NULL. Th…
2020-01-16
High
CVE-2019-20327
Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution o…
2019-11-27
High
CVE-2019-15300
A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host.php. The arId parameter is not properly…
High
CVE-2019-15298
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the…
2019-11-26
Medium
CVE-2019-16195
Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields.
2019-11-21
High
CVE-2019-16406
Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse Centreon…
High
CVE-2019-16405
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location setting…
2019-10-14
High
CVE-2019-17501
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-20…
2019-10-08
Medium
CVE-2019-17105
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
Critical
CVE-2018-21024
licenseUpload.php in Centreon Web before 2.8.27 allows attackers to upload arbitrary files via a POST request.
Medium
CVE-2019-17108
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
High
CVE-2019-17107
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this…
Medium
CVE-2019-17106
In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components.
High
CVE-2019-17104
In Centreon VM through 19.04.3, the cookie configuration within the Apache HTTP Server does not protect against theft because the HTTPOnly flag is not set.
Critical
CVE-2018-21025
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
High
CVE-2018-21023
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
High
CVE-2018-21022
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
High
CVE-2018-21021
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
High
CVE-2018-21020
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
2019-09-25
Critical
CVE-2019-16194
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.
2019-07-01
High
CVE-2019-13024
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary"…
2018-11-16
High
CVE-2018-19312
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
Medium
CVE-2018-19311
Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
2018-11-14
Critical
CVE-2018-19281
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
Medium
CVE-2018-19280
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.
High
CVE-2018-19271
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.