Skip to main content

Centreon

37 CVEs product

Monthly

CVE-2024-39843 MEDIUM This Month

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
6.7
EPSS
2.2%
CVE-2024-39842 HIGH This Week

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2022-3827 PHP CRITICAL PATCH Act Now

A vulnerability was found in centreon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Centreon
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-39988 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-40044 PHP MEDIUM POC PATCH This Month

Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-40043 PHP HIGH POC PATCH This Week

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-36194 MEDIUM POC This Month

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-34872 MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2022-34871 HIGH This Week

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2021-37558 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-37557 HIGH POC PATCH THREAT This Week

A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
29.4%
CVE-2021-37556 HIGH POC PATCH THREAT This Week

A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
29.4%
CVE-2021-28053 HIGH This Week

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-28054 MEDIUM This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-27676 PHP MEDIUM PATCH This Month

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Centreon
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-28055 PHP MEDIUM PATCH This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Centreon
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-10945 PHP MEDIUM PATCH This Month

Centreon before 19.10.7 exposes Session IDs in server responses. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Centreon Widget Host Monitoring
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-13252 PHP HIGH POC PATCH This Week

Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
5.4%
CVE-2020-9463 HIGH POC This Week

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Centreon
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2019-16195 MEDIUM PATCH This Month

Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Centreon
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2019-17501 HIGH POC This Week

Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Centreon
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-16194 PHP CRITICAL PATCH Act Now

SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-13024 HIGH POC THREAT This Week

Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Centreon
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
32.2%
CVE-2018-19312 PHP HIGH POC PATCH This Week

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-19311 PHP MEDIUM POC PATCH This Month

Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Centreon
NVD GitHub
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-19281 PHP CRITICAL PATCH Act Now

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-19280 PHP MEDIUM PATCH This Month

Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Centreon
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-19271 PHP HIGH POC PATCH This Week

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Centreon
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-11589 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-11588 MEDIUM PATCH This Month

Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-11587 PHP CRITICAL PATCH Act Now

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
CVE-2015-7672 PHP MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Centreon
NVD GitHub
CVSS 3.0
5.4
EPSS
0.0%
CVE-2015-1561 PHP MEDIUM POC PATCH This Month

The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Centreon
NVD GitHub Exploit-DB
CVSS 2.0
6.5
EPSS
5.2%
CVE-2015-1560 HIGH POC This Week

SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centreon
NVD GitHub Exploit-DB
CVSS 2.0
7.5
EPSS
3.0%
CVE-2014-3829 CRITICAL POC THREAT Emergency

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.2%.

RCE PHP Code Injection Centreon Centreon Enterprise Server
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
86.2%
Threat
6.1
CVE-2014-3828 CRITICAL POC THREAT Emergency

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%.

PHP SQLi Centreon Centreon Enterprise Server
NVD GitHub Exploit-DB
CVSS 2.0
10.0
EPSS
78.6%
Threat
5.9
CVE-2012-5967 MEDIUM POC This Month

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centreon
NVD GitHub Exploit-DB
CVSS 2.0
6.5
EPSS
0.2%
EPSS 2% CVSS 6.7
MEDIUM This Month

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability was found in centreon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Centreon
NVD GitHub VulDB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows attackers to execute arbitrary web script or HTML via a crafted payload injected into the Service>Templates service_alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Centreon v20.10.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Centreon
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Centreon
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD
EPSS 2% CVSS 7.2
HIGH This Week

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Centreon
NVD GitHub
EPSS 29% CVSS 8.8
HIGH POC PATCH THREAT This Week

A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Centreon
NVD GitHub
EPSS 29% CVSS 8.8
HIGH POC PATCH THREAT This Week

A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Centreon
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Centreon
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Centreon
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Centreon before 19.10.7 exposes Session IDs in server responses. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Centreon Widget Host Monitoring
NVD
EPSS 5% CVSS 8.8
HIGH POC PATCH This Week

Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Centreon
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Centreon
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Centreon before 2.8.30, 18.x before 18.10.8, and 19.x before 19.04.5 allows XSS via myAccount alias and name fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Centreon
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Centreon
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon
NVD GitHub
EPSS 32% CVSS 8.8
HIGH POC THREAT This Week

Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value "init_script"-"Monitoring Engine Binary". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Centreon
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.24) allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Centreon
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Centreon
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.27) allows SNMP trap SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Centreon 3.4.x (fixed in Centreon 18.10.0) has XSS via the resource name or macro expression of a poller macro. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Centreon
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Centreon
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Centreon +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP +2
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon web 2.8.27). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Centreon
NVD GitHub
EPSS 5% CVSS 6.5
MEDIUM POC PATCH This Month

The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection PHP Centreon
NVD GitHub Exploit-DB
EPSS 3% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centreon
NVD GitHub Exploit-DB
EPSS 86% 6.1 CVSS 10.0
CRITICAL POC THREAT Emergency

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 86.2%.

RCE PHP Code Injection +2
NVD GitHub Exploit-DB
EPSS 79% 5.9 CVSS 10.0
CRITICAL POC THREAT Emergency

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 78.6%.

PHP SQLi Centreon +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centreon
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy