Vulnerabilidades en Centreon
51 resultadosCVE-2024-23119HIGHCentreon insertGraphTemplate SQL Injection Remote Code Execution VulnerabilityEPSS 1.4%CVE-2023-51633HIGHCentreon sysName Cross-Site Scripting Remote Code Execution VulnerabilityEPSS 1.1%CVE-2026-2749CRITICALPath traversal in Centreon Open TicketsEPSS 0.5%CVE-2025-4650HIGHUser with high privileges is able to introduce a SQLi using the Meta Service indicator pageEPSS 0.4%CVE-2025-8432HIGHCentreonBI user account on the MBI server can execute commands as root by modifying script runned by the CRONEPSS 0.4%CVE-2025-4646HIGHA high privilege user is able to create and use a valid admin API token in centreon-webEPSS 0.4%CVE-2025-15026CRITICALUnauthenticated configuration import allows administrative account creation using AWIE componentEPSS 0.4%CVE-2025-3872HIGHPrivilege escalation by altering payload in contact formEPSS 0.3%CVE-2025-3767HIGHSQL Injection in Centreon BAM boolean KPI listingEPSS 0.3%CVE-2025-4649MEDIUMACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs.EPSS 0.3%CVE-2025-6791HIGHSecond order SQL injection available to user with low privilegeEPSS 0.3%CVE-2026-2750CRITICALCommand Injection via CLAPI generatetrapsEPSS 0.3%CVE-2026-2751HIGHBlind SQL InjectionEPSS 0.3%CVE-2025-12514HIGHA user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parametersEPSS 0.3%CVE-2025-4647HIGHA user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVGEPSS 0.2%CVE-2025-54891MEDIUMA user with elevated privileges can inject XSS in the ACL Resource Access configuration pageEPSS 0.2%CVE-2025-54892MEDIUMA user with elevated privileges can inject XSS in the SNMP traps group configuration pageEPSS 0.2%CVE-2025-54889MEDIUMA user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration pageEPSS 0.2%CVE-2025-8428MEDIUMXSS found in the HTTP loader widgetEPSS 0.2%CVE-2025-8459HIGHA user with low privileges can inject XSS in the Monitoring Recurrent downtimes pageEPSS 0.2%