Centreon Web vulnerabilities
57 known vulnerabilities affecting centreon/centreon_web.
Total CVEs
57
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL8HIGH27MEDIUM22
Vulnerabilities
Page 1 of 3
CVE-2024-0637P1HIGHCVSS 8.8fixed in 22.04.19≥ 22.10.2, < 22.10.17+2 more2024-04-01
CVE-2024-0637 [HIGH] CWE-89 CVE-2024-0637: Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allow
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateDirectory function. The issue results from the lack of proper validatio
nvd
CVE-2025-5946P2HIGHCVSS 7.2PoC≥ 23.10.0, < 23.10.28≥ 24.04.0, < 24.04.18+1 more2025-10-14
CVE-2025-5946 [HIGH] CWE-78 CVE-2025-5946: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Poller reload setup in the configuration modules) allows OS Command Injection.
On the poller parameters page, a user with high privilege is able to concatenate custom instructions into the poller reload command.
This iss
nvd
CVE-2019-16405P2HIGHCVSS 7.2PoCfixed in 2.8.30≥ 18.10.0, < 18.10.8+2 more2019-11-21
CVE-2019-16405 [HIGH] CVE-2019-16405: Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.
Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.
nvd
CVE-2024-5725P2HIGHCVSS 8.8fixed in 22.10.23≥ 23.04.0, < 23.04.19+2 more2024-08-21
CVE-2024-5725 [HIGH] CWE-89 CVE-2024-5725: Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows
Centreon initCurveList SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the initCurveList function. The issue results from the lack of proper validation of
nvd
CVE-2024-5723P2HIGHCVSS 8.8fixed in 22.04.24≥ 22.10.0, < 22.10.22+2 more2024-08-21
CVE-2024-5723 [HIGH] CWE-89 CVE-2024-5723: Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability all
Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateServiceHost function. The issue results from the lack of proper valid
nvd
CVE-2024-23115P2HIGHCVSS 7.2fixed in 22.04.19≥ 22.10.2, < 22.10.17+2 more2024-04-01
CVE-2024-23115 [HIGH] CWE-89 CVE-2024-23115: Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows r
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateGroups function. The issue results from the lack of proper validation of
nvd
CVE-2024-23118P2HIGHCVSS 7.2fixed in 22.04.19≥ 22.10.2, < 22.10.17+2 more2024-04-01
CVE-2024-23118 [HIGH] CWE-89 CVE-2024-23118: Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerabi
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateContactHostCommands function. The issue results from the la
nvd
CVE-2024-23117P2HIGHCVSS 7.2fixed in 22.04.19≥ 22.10.2, < 22.10.17+2 more2024-04-01
CVE-2024-23117 [HIGH] CWE-89 CVE-2024-23117: Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulner
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateContactServiceCommands function. The issue results from
nvd
CVE-2024-23116P2HIGHCVSS 7.2fixed in 22.04.19≥ 22.10.2, < 22.10.17+2 more2024-04-01
CVE-2024-23116 [HIGH] CWE-89 CVE-2024-23116: Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability all
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the updateLCARelation function. The issue results from the lack of proper val
nvd
CVE-2024-32501P2CRITICALCVSS 9.8≥ 22.10.0, < 22.10.23≥ 23.04.0, < 23.04.19+2 more2024-08-23
CVE-2024-32501 [CRITICAL] CWE-89 CVE-2024-32501: A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x
A SQL Injection vulnerability exists in the updateServiceHost functionality in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
nvd
CVE-2025-5965P2HIGHCVSS 7.2≥ 24.04.0, < 24.04.19≥ 24.10.0, < 24.10.15+1 more2026-01-05
CVE-2025-5965 [HIGH] CWE-78 CVE-2025-5965: In the backup parameters, a user with high privilege is able to concatenate custom instructions to t
In the backup parameters, a user with high privilege is able to concatenate custom instructions to the backup setup. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Centreon Infra Monitoring (Backup configuration in the administration setup modules) allows OS Command Injection.This issue affects
nvd
CVE-2019-15298P2HIGHCVSS 8.8≥ 2.8.1, < 2.8.30≥ 18.10.0, < 18.10.8+2 more2019-11-27
CVE-2019-15298 [HIGH] CWE-78 CVE-2019-15298: A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present i
A problem was found in Centreon Web through 19.04.3. An authenticated command injection is present in the page include/configuration/configObject/traps-mibs/formMibs.php. This page is called from the Centreon administration interface. This is the mibs management feature that contains a file filing form. At the time of submission of a file, the mnftr pa
nvd
CVE-2024-23119P2HIGHCVSS 8.8fixed in 22.04.19≥ 22.10.2, < 22.10.17+2 more2024-04-01
CVE-2024-23119 [HIGH] CWE-89 CVE-2024-23119: Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability a
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.
The specific flaw exists within the insertGraphTemplate function. The issue results from the lack of proper
nvd
CVE-2026-2751P2CRITICALCVSS 9.8≥ 24.04.0, < 24.04.24.≥ 24.10.0, < 24.10.20+1 more2026-02-27
CVE-2026-2751 [CRITICAL] CWE-89 CVE-2026-2751: Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Ce
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.
nvd
CVE-2012-5967P3MEDIUMCVSS 6.5PoCvfixed in 2.6.02012-12-19
CVE-2012-5967 [MEDIUM] CWE-89 CVE-2012-5967: SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
nvd
CVE-2018-11587P3CRITICALCVSS 9.8v2.8.232018-06-25
CVE-2018-11587 [CRITICAL] CWE-94 CVE-2018-11587: There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in
There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.
nvd
CVE-2024-33852P3CRITICALCVSS 9.1≥ 22.10.0, < 22.10.23≥ 23.04.0, < 23.04.19+2 more2024-08-23
CVE-2024-33852 [CRITICAL] CWE-89 CVE-2024-33852: A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.
A SQL Injection vulnerability exists in the Downtime component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
nvd
CVE-2024-33854P3CRITICALCVSS 9.1≥ 22.10.0, < 22.10.23≥ 23.04.0, < 23.04.19+2 more2024-08-23
CVE-2024-33854 [CRITICAL] CWE-89 CVE-2024-33854: A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before
A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
nvd
CVE-2024-33853P3CRITICALCVSS 9.1≥ 22.10.0, < 22.10.23≥ 23.04.0, < 23.04.19+2 more2024-08-23
CVE-2024-33853 [CRITICAL] CWE-89 CVE-2024-33853: A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.0
A SQL Injection vulnerability exists in the Timeperiod component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.
nvd
CVE-2025-6791P3HIGHCVSS 8.8≥ 23.10.0, < 23.10.26≥ 24.04.0, < 24.04.16+1 more2025-08-22
CVE-2025-6791 [HIGH] CWE-89 CVE-2025-6791: In the monitoring event logs page, it is possible to alter the http request to insert a reflect payl
In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection.This issue affects web: 24.10.0, 24.04.0, 23.10.0.
nvd
1 / 3Next →