📦 Centreon Web
by Centreon
🔍 What is Centreon Web?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
A critical SQL injection vulnerability in Centreon centreon-web allows authenticated users with high privileges to inject malicious SQL queries when creating virtual metrics. This affects Centreon mon...
This vulnerability allows authenticated users with high privileges in Centreon Web to perform SQL injection via the media upload form. Attackers could execute arbitrary SQL commands, potentially compr...
A SQL injection vulnerability in Centreon Web's updateServiceHost function allows attackers to execute arbitrary SQL commands. This affects all Centreon Web installations running vulnerable versions, ...
A SQL injection vulnerability in the Timeperiod component of Centreon Web allows attackers to execute arbitrary SQL commands. This affects Centreon Web versions 24.04.x before 24.04.3, 23.10.x before ...
This is a cross-site scripting (XSS) vulnerability in Centreon's SNMP sysName OID processing that allows remote code execution. Attackers can inject malicious scripts that execute with service account...
This vulnerability allows authenticated users with high privileges to inject arbitrary operating system commands through backup configuration parameters in Centreon Infra Monitoring. Successful exploi...
This stored XSS vulnerability in Centreon Infra Monitoring allows attackers to inject malicious scripts into web pages through the recurrent downtime scheduler modules. When users view affected pages,...
This OS command injection vulnerability in Centreon Infra Monitoring allows authenticated high-privilege users to inject arbitrary commands into poller reload operations. Attackers could execute syste...
This SQL injection vulnerability in Centreon web's monitoring event logs module allows attackers to manipulate HTTP requests to inject malicious SQL payloads into the database. It affects all Centreon...
A high-privilege user can perform SQL injection attacks through the Meta Service indicator page in Centreon web interface. This vulnerability affects Centreon web versions 24.10.0-24.10.8, 24.04.0-24....
An incorrect authorization vulnerability in Centreon web's API token creation form allows authenticated users to create API tokens with higher privileges than intended. This affects Centreon web insta...
This vulnerability allows reflected cross-site scripting (XSS) in Centreon web interface via malicious SVG file uploads. An authenticated user with elevated privileges can inject JavaScript by manipul...
This SQL injection vulnerability in Centreon's web interface allows high-privileged users to become administrators by manipulating contact form requests. It affects Centreon monitoring software across...
A SQL injection vulnerability in Centreon Web's service configuration functionality allows attackers to execute arbitrary SQL commands. This affects Centreon Web versions 24.04.x before 24.04.3, 23.10...
This SQL injection vulnerability in Centreon's initCurveList function allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to remote code execution as the apach...
This SQL injection vulnerability in Centreon's updateContactHostCommands function allows authenticated attackers to execute arbitrary SQL commands, potentially leading to remote code execution. Affect...
This SQL injection vulnerability in Centreon's updateLCARelation function allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to remote code execution. Attacke...
This SQL injection vulnerability in Centreon's updateDirectory function allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to remote code execution. Affected ...
This stored cross-site scripting (XSS) vulnerability in Centreon Infra Monitoring allows authenticated users with elevated privileges to inject malicious scripts into the Hostgroup configuration page....
This stored XSS vulnerability in Centreon Infra Monitoring allows authenticated users with elevated privileges to inject malicious scripts into the Commands Connectors configuration modules. When othe...
This stored XSS vulnerability in Centreon Infra Monitoring allows authenticated users with elevated privileges to inject malicious scripts into ACL Action access configuration modules. When other user...
This stored XSS vulnerability in Centreon Infra Monitoring allows authenticated users with elevated privileges to inject malicious scripts into host template configuration pages. When other users view...
This stored XSS vulnerability in Centreon Infra Monitoring allows authenticated users with elevated privileges to inject malicious scripts into SNMP traps group configuration modules. When other users...
This stored XSS vulnerability in Centreon Infra Monitoring allows authenticated users with elevated privileges to inject malicious scripts into ACL Resource access configuration modules. When other us...
This stored XSS vulnerability in Centreon Infra Monitoring allows attackers with elevated privileges to inject malicious scripts into SNMP trap manufacturer configuration pages. When other users view ...
A privilege escalation vulnerability in Centreon web allows users with lower privileges to view event logs that should require high privileges. This occurs because Access Control Lists (ACLs) are not ...