Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Very High

CVE-2020-9463

Disclosure Date: February 28, 2020 (last updated February 21, 2025)
Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
1
Attacker Value
Unknown

CVE-2020-22345

Disclosure Date: August 18, 2021 (last updated February 23, 2025)
/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-26804

Disclosure Date: May 04, 2021 (last updated February 22, 2025)
Insecure Permissions in Centreon Web versions 19.10.18, 20.04.8, and 20.10.2 allows remote attackers to bypass validation by changing any file extension to ".gif", then uploading it in the "Administration/ Parameters/ Images" section of the application.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-22425

Disclosure Date: February 15, 2021 (last updated February 22, 2025)
Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-10945

Disclosure Date: May 27, 2020 (last updated February 21, 2025)
Centreon before 19.10.7 exposes Session IDs in server responses.
Attack Vector: Adjacent NetworkPrivileges: NoneUser Interaction: None
0
0