Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Centreon Web on Central Server by Centreon

    CVE-2026-2751 (GCVE-0-2026-2751)

    Vulnerability from nvd – Published: 2026-02-27 13:33 – Updated: 2026-02-27 14:26
    VLAI
    Title
    Blind SQL Injection
    Summary
    Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Centreon Centreon Web on Central Server Affected: 25.10; 24.10;24.04 , < 25.10.8, 24.10.20, 24.04.24 (custom)
    Create a notification for this product.
    Date Public
    2026-02-27 13:31
    Credits
    Texugo from Hakaï Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T14:25:27.597975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T14:26:21.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://download.centreon.com",
              "defaultStatus": "unaffected",
              "modules": [
                "Service Dependencies"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "Centreon Web on Central Server",
              "vendor": "Centreon",
              "versions": [
                {
                  "lessThan": "25.10.8, 24.10.20, 24.04.24",
                  "status": "affected",
                  "version": "25.10; 24.10;24.04",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Texugo from Haka\u00ef Security"
            }
          ],
          "datePublic": "2026-02-27T13:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.\u003cp\u003eThis issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.\u003c/p\u003e"
                }
              ],
              "value": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T13:43:22.569Z",
            "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
            "shortName": "Centreon"
          },
          "references": [
            {
              "url": "https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Blind SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "assignerShortName": "Centreon",
        "cveId": "CVE-2026-2751",
        "datePublished": "2026-02-27T13:33:44.787Z",
        "dateReserved": "2026-02-19T14:25:19.973Z",
        "dateUpdated": "2026-02-27T14:26:21.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-2751 (GCVE-0-2026-2751)

    Vulnerability from cvelistv5 – Published: 2026-02-27 13:33 – Updated: 2026-02-27 14:26
    VLAI
    Title
    Blind SQL Injection
    Summary
    Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    Centreon Centreon Web on Central Server Affected: 25.10; 24.10;24.04 , < 25.10.8, 24.10.20, 24.04.24 (custom)
    Create a notification for this product.
    Date Public
    2026-02-27 13:31
    Credits
    Texugo from Hakaï Security
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-2751",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-27T14:25:27.597975Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-89",
                    "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-27T14:26:21.910Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://download.centreon.com",
              "defaultStatus": "unaffected",
              "modules": [
                "Service Dependencies"
              ],
              "platforms": [
                "Linux"
              ],
              "product": "Centreon Web on Central Server",
              "vendor": "Centreon",
              "versions": [
                {
                  "lessThan": "25.10.8, 24.10.20, 24.04.24",
                  "status": "affected",
                  "version": "25.10; 24.10;24.04",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Texugo from Haka\u00ef Security"
            }
          ],
          "datePublic": "2026-02-27T13:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.\u003cp\u003eThis issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24.\u003c/p\u003e"
                }
              ],
              "value": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Injection.This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Blind SQL Injection via unsanitized array keys in Service Dependencies deletion.",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-27T13:43:22.569Z",
            "orgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
            "shortName": "Centreon"
          },
          "references": [
            {
              "url": "https://https://thewatch.centreon.com/latest-security-bulletins-64/cve-2026-2751-centreon-web-high-severity-5504"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Blind SQL Injection",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bd4443e6-1eef-43f3-9886-25fc9ceeaae7",
        "assignerShortName": "Centreon",
        "cveId": "CVE-2026-2751",
        "datePublished": "2026-02-27T13:33:44.787Z",
        "dateReserved": "2026-02-19T14:25:19.973Z",
        "dateUpdated": "2026-02-27T14:26:21.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }