Filtered by vendor Centreon Subscriptions
Total 89 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-6485 1 Centreon 1 Centreon 2024-11-21 N/A
Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 (aka Oreon 1.4) allow remote attackers to execute arbitrary PHP code via a URL in the fileOreonConf parameter to (1) MakeXML.php or (2) MakeXML4statusCounter.php in include/monitoring/engine/.
CVE-2024-45754 1 Centreon 1 Centreon 2024-10-15 7.2 High
An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2024-39842 1 Centreon 1 Centreon 2024-09-26 7.2 High
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via user massive changes inputs.
CVE-2024-39843 1 Centreon 1 Centreon 2024-09-26 6.7 Medium
A SQL injection vulnerability in Centreon 24.04.2 allows a remote high-privileged attacker to execute arbitrary SQL command via create user form inputs.
CVE-2024-33854 1 Centreon 1 Centreon Web 2024-08-27 9.1 Critical
A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-32501 1 Centreon 1 Centreon 2024-08-27 9.8 Critical
A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-33853 1 Centreon 1 Centreon Web 2024-08-23 9.1 Critical
A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-33852 1 Centreon 1 Centreon Web 2024-08-23 9.1 Critical
A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
CVE-2024-39841 1 Centreon 1 Centreon Web 2024-08-23 8.8 High
A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.