GCVE - cpe:2.3:a:centreon:centreon:3.4.6:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:centreon:centreon:3.4.6:*:*:*:*:*:*:*

part: a version: 3.4.6 update: *

Vendor	Centreon (`e01a1192-018f-55df-98f2-b9707fac306d`)
Product	Centreon (`df868b4a-5b4d-57ce-b7fd-3c898153f558`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/centreon/centreon`	purl2cpe	2026-06-01 10:10:56.329638

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-19271`	vulnerable	2026-06-03 14:38:29.103058	Details available Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. Published: 2018-11-14T11:00:00.000Z Updated: 2024-08-05T11:30:04.188Z Open on db.gcve.eu Reference links http://www.rootlabs.com.br/authenticated-sql-injection-in-centreon-3-4-x/ https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.0.html https://github.com/centreon/centreon/pull/6625 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.28.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11589`	vulnerable	2026-06-03 14:38:01.718352	Details available Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php, the id parameter in GetXmlHost.php, the chartId parameter in ExportCSVServiceData.php, the searchCurve parameter in listComponentTemplates.php, or the host_id parameter in makeXML_ListMetrics.php. Published: 2018-06-25T18:00:00.000Z Updated: 2024-08-05T08:10:14.875Z Open on db.gcve.eu Reference links https://github.com/centreon/centreon/pull/6250 https://github.com/centreon/centreon/pull/6257 https://github.com/centreon/centreon/pull/6251 https://github.com/centreon/centreon/pull/6256 https://github.com/centreon/centreon/releases	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11588`	vulnerable	2026-06-03 14:38:01.717930	Details available Centreon 3.4.6 including Centreon Web 2.8.23 is vulnerable to an authenticated user injecting a payload into the username or command description, resulting in stored XSS. This is related to www/include/core/menu/menu.php and www/include/configuration/configObject/command/formArguments.php. Published: 2018-06-25T18:00:00.000Z Updated: 2024-08-05T08:10:14.850Z Open on db.gcve.eu Reference links https://github.com/centreon/centreon/releases https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6260 https://github.com/centreon/centreon/pull/6259	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11587`	vulnerable	2026-06-03 14:38:01.716786	Details available There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php. Published: 2018-06-25T18:00:00.000Z Updated: 2024-08-05T08:10:14.638Z Open on db.gcve.eu Reference links https://github.com/centreon/centreon/pull/6263 https://github.com/centreon/centreon/releases https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.