Shodan
Vulnerabilities
Vulnerable Software
Centreon:  >> Centreon Web  >> 23.10.12  Security Vulnerabilities
CVE-2024-55573
An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to inject SQL into the form used to create virtual metrics.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-01-23
CVE-2024-53923
An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high privileges is able to achieve SQL injection in the form to upload media.
CVSS Score
9.1
EPSS Score
0.0
Published
2025-01-23
CVE-2024-32501
A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVSS Score
9.8
EPSS Score
0.017
Published
2024-08-23
CVE-2024-33852
A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-08-23
CVE-2024-33853
A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-08-23
CVE-2024-33854
A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-08-23
CVE-2024-39841
A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-23
CVE-2024-5725
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the initCurveList function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the apache user. Was ZDI-CAN-22683.
CVSS Score
8.8
EPSS Score
0.303
Published
2024-08-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved