Skip to main content

Centreon Web

39 CVEs product

Monthly

CVE-2026-2751 HIGH This Week

Blind SQL injection in Centreon Web's Service Dependencies module allows authenticated attackers to extract sensitive database information through unsanitized array keys in deletion requests. This vulnerability affects Centreon Web versions before 25.10.8, 24.10.20, and 24.04.24 on Linux systems, requiring valid credentials but no user interaction to exploit. No patch is currently available, leaving affected deployments vulnerable to database reconnaissance and potential data exfiltration.

Linux SQLi Centreon Web
NVD
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-12513 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. [CVSS 6.8 MEDIUM]

XSS Centreon Web
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-13056 MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. [CVSS 6.8 MEDIUM]

XSS Centreon Web
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-12519 MEDIUM PATCH This Month

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. [CVSS 5.3 MEDIUM]

Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-5965 HIGH PATCH This Week

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. [CVSS 7.2 HIGH]

Command Injection Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-6791 HIGH This Month

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-4650 HIGH This Month

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-4649 MEDIUM Monitor

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-4648 HIGH This Month

The content of a SVG file, received as input in Centreon web, was not properly checked. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Centreon Web
NVD GitHub
CVSS 3.1
8.4
EPSS
0.3%
CVE-2025-4647 HIGH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon Web
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-4646 HIGH This Month

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.04.0 before 24.04.10, from 24.10.0 before 24.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-3872 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2024-55573 CRITICAL This Week

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2024-53923 CRITICAL This Week

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-39841 HIGH This Week

A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2024-33854 CRITICAL Act Now

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33853 CRITICAL Act Now

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-33852 CRITICAL Act Now

A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2024-32501 CRITICAL Act Now

A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD
CVSS 3.1
9.8
EPSS
19.2%
CVE-2024-5725 HIGH PATCH This Week

Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Apache RCE Centreon Web
NVD
CVSS 3.1
8.8
EPSS
47.6%
CVE-2024-5723 HIGH This Week

Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache RCE Centreon Web
NVD
CVSS 3.1
8.8
EPSS
40.7%
CVE-2024-23119 PHP HIGH PATCH This Week

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2024-23118 PHP HIGH PATCH This Week

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
CVSS 3.0
7.2
EPSS
53.4%
CVE-2024-23117 PHP HIGH PATCH This Week

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
CVSS 3.0
7.2
EPSS
53.4%
CVE-2024-23116 PHP HIGH PATCH This Week

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
CVSS 3.0
7.2
EPSS
53.4%
CVE-2024-23115 PHP HIGH PATCH This Week

Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
CVSS 3.1
7.2
EPSS
67.5%
CVE-2024-0637 PHP HIGH PATCH This Week

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
CVSS 3.0
8.8
EPSS
72.3%
CVE-2021-26804 MEDIUM This Month

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2019-15300 HIGH PATCH This Week

A problem was found in Centreon Web through 19.04.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2019-15298 HIGH This Week

A problem was found in Centreon Web through 19.04.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
26.6%
CVE-2019-16406 HIGH POC This Week

Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

VMware Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-16405 PHP HIGH POC PATCH THREAT This Week

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Centreon Web
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
27.0%
CVE-2019-17105 MEDIUM PATCH This Month

The token generator in index.php in Centreon Web before 2.8.27 is predictable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2019-17108 MEDIUM POC PATCH This Month

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Centreon Web
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2019-17107 HIGH POC PATCH This Week

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Centreon Web
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2019-17106 PHP MEDIUM PATCH This Month

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Centreon Web
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2018-11589 CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-11588 MEDIUM PATCH This Month

Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-11587 PHP CRITICAL PATCH Act Now

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Centreon Centreon Web
NVD GitHub
CVSS 3.0
9.8
EPSS
4.2%
EPSS 0% CVSS 8.3
HIGH This Week

Blind SQL injection in Centreon Web's Service Dependencies module allows authenticated attackers to extract sensitive database information through unsanitized array keys in deletion requests. This vulnerability affects Centreon Web versions before 25.10.8, 24.10.20, and 24.04.24 on Linux systems, requiring valid credentials but no user interaction to exploit. No patch is currently available, leaving affected deployments vulnerable to database reconnaissance and potential data exfiltration.

Linux SQLi Centreon Web
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts configuration form modules) allows Stored XSS to users with high privileges. [CVSS 6.8 MEDIUM]

XSS Centreon Web
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Administration ACL menu configuration modules) allows Stored XSS to users with high privileges. [CVSS 6.8 MEDIUM]

XSS Centreon Web
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Missing Authorization vulnerability in Centreon Infra Monitoring (Administration parameters API endpoint modules) allows Accessing Functionality Not Properly Constrained by ACLs, resulting in Information Disclosure like downtime or acknowledgement configurations. [CVSS 5.3 MEDIUM]

Information Disclosure Centreon Web
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. [CVSS 7.2 HIGH]

Command Injection Centreon Web
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

User with high privileges is able to introduce a SQLi using the Meta Service indicator page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM Monitor

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Month

The content of a SVG file, received as input in Centreon web, was not properly checked. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Centreon Web
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Centreon Web
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.04.0 before 24.04.10, from 24.10.0 before 24.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Centreon Web
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL This Week

An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL This Week

An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD GitHub
EPSS 19% CVSS 9.8
CRITICAL Act Now

A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Centreon Web
NVD
EPSS 48% CVSS 8.8
HIGH PATCH This Week

Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Apache RCE +1
NVD
EPSS 41% CVSS 8.8
HIGH This Week

Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
EPSS 53% CVSS 7.2
HIGH PATCH This Week

Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
EPSS 53% CVSS 7.2
HIGH PATCH This Week

Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
EPSS 53% CVSS 7.2
HIGH PATCH This Week

Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
EPSS 67% CVSS 7.2
HIGH PATCH This Week

Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
EPSS 72% CVSS 8.8
HIGH PATCH This Week

Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi RCE Centreon Web
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A problem was found in Centreon Web through 19.04.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Centreon Web
NVD GitHub
EPSS 27% CVSS 8.8
HIGH This Week

A problem was found in Centreon Web through 19.04.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Centreon Web
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Centreon Web 19.04.4 has weak permissions within the OVA (aka VMware virtual machine) and OVF (aka VirtualBox virtual machine) files, allowing attackers to gain privileges via a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

VMware Information Disclosure Centreon Web
NVD GitHub
EPSS 27% CVSS 7.2
HIGH POC PATCH THREAT This Week

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Centreon Web
NVD GitHub Exploit-DB
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

The token generator in index.php in Centreon Web before 2.8.27 is predictable. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Centreon Web
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Centreon Web
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC PATCH This Week

minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Centreon Web through 2.8.29, disclosure of external components' passwords allows authenticated attackers to move laterally to external components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Centreon Web
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Centreon +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Centreon +1
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy