Skip to main content
CVE-2018-11589 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-11587 CRITICAL PATCH Act Now

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-8755 CRITICAL Act Now

NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file without credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wr644Gacv Firmware
NVD
CVSS 3.0
9.8
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy