Centreon Centreon_web
56 CVEs affecting Centreon Centreon_web. Latest disclosed: 2026-02-27. Critical: 9, High: 29.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-32501 | Critical | 9.8 | 2024-08-23 | A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23… |
CVE-2018-11589 | Critical | 9.8 | 2018-06-25 | Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id paramete… |
CVE-2018-11587 | Critical | 9.8 | 2018-06-25 | There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. |
CVE-2023-51633 | Critical | 9.6 | 2024-05-03 | Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected ins… |
CVE-2024-55573 | Critical | 9.1 | 2025-01-23 | An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with… |
CVE-2024-53923 | Critical | 9.1 | 2025-01-23 | An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high priv… |
CVE-2024-33854 | Critical | 9.1 | 2024-08-23 | A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19… |
CVE-2024-33853 | Critical | 9.1 | 2024-08-23 | A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and… |
CVE-2024-33852 | Critical | 9.1 | 2024-08-23 | A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22… |
CVE-2025-6791 | High | 8.8 | 2025-08-22 | In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Spec… |
CVE-2024-39841 | High | 8.8 | 2024-08-23 | A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before… |
CVE-2024-5725 | High | 8.8 | 2024-08-21 | Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected inst… |
CVE-2024-5723 | High | 8.8 | 2024-08-21 | Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected… |
CVE-2024-23119 | High | 8.8 | 2024-04-01 | Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte… |
CVE-2024-0637 | High | 8.8 | 2024-04-01 | Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected in… |
CVE-2019-15299 | High | 8.8 | 2020-02-24 | An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database… |
CVE-2019-15300 | High | 8.8 | 2019-11-27 | A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host… |
CVE-2019-15298 | High | 8.8 | 2019-11-27 | A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/fo… |
CVE-2019-17107 | High | 8.8 | 2019-10-08 | minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sou… |
CVE-2018-21023 | High | 8.8 | 2019-10-08 | getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. |