RSS   Vulnerabilities for 'Centreon web'   RSS

2018-06-25
 
CVE-2018-11589

CWE-89
 

 
Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php.

 
 
CVE-2018-11588

CWE-79
 

 
Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php.

 
 
CVE-2018-11587

CWE-94
 

 
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.

 

 >>> Vendor: Centreon 2 Products
Centreon
Centreon web


Copyright 2019, cxsecurity.com

 

Back to Top