Centreon: >> Centreon Web >> 2.8.23 Security Vulnerabilities
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVSS Score
6.1
EPSS Score
0.001
Published
2019-10-08
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place.
CVSS Score
7.5
EPSS Score
0.001
Published
2019-10-08
img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-10-08
makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2019-10-08
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
CVSS Score
8.8
EPSS Score
0.017
Published
2019-10-08
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
CVSS Score
9.8
EPSS Score
0.011
Published
2018-06-25
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-06-25
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-06-25
Page 2