Centreon Centreon_web

56 CVEs affecting Centreon Centreon_web. Latest disclosed: 2026-02-27. Critical: 9, High: 29.

Top CVEs affecting Centreon Centreon_web
CVESeverityScorePublishedSummary
CVE-2024-32501Critical9.82024-08-23A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23…
CVE-2018-11589Critical9.82018-06-25Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id paramete…
CVE-2018-11587Critical9.82018-06-25There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
CVE-2023-51633Critical9.62024-05-03Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected ins…
CVE-2024-55573Critical9.12025-01-23An issue was discovered in Centreon centreon-web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with…
CVE-2024-53923Critical9.12025-01-23An issue was discovered in Centreon Web 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24. A user with high priv…
CVE-2024-33854Critical9.12024-08-23A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19…
CVE-2024-33853Critical9.12024-08-23A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and…
CVE-2024-33852Critical9.12024-08-23A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22…
CVE-2025-6791High8.82025-08-22In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Spec…
CVE-2024-39841High8.82024-08-23A SQL Injection vulnerability exists in the service configuration functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before…
CVE-2024-5725High8.82024-08-21Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected inst…
CVE-2024-5723High8.82024-08-21Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected…
CVE-2024-23119High8.82024-04-01Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affecte…
CVE-2024-0637High8.82024-04-01Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected in…
CVE-2019-15299High8.82020-02-24An issue was discovered in Centreon Web through 19.04.3. When a user changes his password on his profile page, the contact_autologin_key field in the database…
CVE-2019-15300High8.82019-11-27A problem was found in Centreon Web through 19.04.3. An authenticated SQL injection is present in the page include/Administration/parameters/ldap/xml/ldap_host…
CVE-2019-15298High8.82019-11-27A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/fo…
CVE-2019-17107High8.82019-10-08minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sou…
CVE-2018-21023High8.82019-10-08getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.