Shodan
Vulnerabilities
Vulnerable Software
Centreon:  Security Vulnerabilities
CVE-2018-21025
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-10-08
CVE-2019-16194
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2019-09-25
CVE-2019-13024
Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands).
CVSS Score
8.8
EPSS Score
0.651
Published
2019-07-01
CVE-2018-19311
Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-11-16
CVE-2018-19312
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-11-16
CVE-2018-19280
Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro.
CVSS Score
6.1
EPSS Score
0.001
Published
2018-11-14
CVE-2018-19281
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-11-14
CVE-2018-19271
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2018-11-14
CVE-2018-11587
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
CVSS Score
9.8
EPSS Score
0.011
Published
2018-06-25
CVE-2018-11588
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2018-06-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved