Package details: pkg:composer/centreon/centreon@20.10.0
purl pkg:composer/centreon/centreon@20.10.0
Next non-vulnerable version 20.10.1
Latest non-vulnerable version 22.10.15
Risk 3.1
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-51pp-f1tx-97es
Aliases:
CVE-2021-28053
SQL Injection: An issue was discovered in Centreon-Web in Centreon Platform. A SQL injection vulnerability in "Configuration > Users > Contacts / Users" allows remote authenticated users to execute arbitrary SQL commands via the Additional Information parameters.
20.10.1
Affected by 0 other vulnerabilities.
VCID-au78-2fgq-yuex
Aliases:
CVE-2021-28054
Cross-site Scripting: An issue was discovered in Centreon-Web in Centreon Platform. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter.
20.10.1
Affected by 0 other vulnerabilities.
VCID-c444-ryqk-vqhx
Aliases:
CVE-2021-28055
GHSA-7rg4-266c-jqw6
Cross-Site Request Forgery (CSRF): An issue was discovered in Centreon-Web in Centreon Platform. The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.
20.10.1
Affected by 0 other vulnerabilities.
20.10.7
Affected by 0 other vulnerabilities.
VCID-qrd5-6c24-auf7
Aliases:
CVE-2021-37556
SQL Injection: A SQL injection vulnerability in reporting export in Centreon allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/reporting/dashboard/csvExport/csv_HostGroupLogs.php start and end parameters.
20.10.8
Affected by 0 other vulnerabilities.
21.4.2
Affected by 0 other vulnerabilities.
VCID-tq65-7cpg-gbe6
Aliases:
CVE-2021-37558
SQL Injection: A SQL injection vulnerability in a MediaWiki script in Centreon allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and service_description parameters.
20.10.8
Affected by 0 other vulnerabilities.
21.4.2
Affected by 0 other vulnerabilities.
VCID-wt74-vp5g-qqfu
Aliases:
CVE-2021-37557
SQL Injection: A SQL injection vulnerability in image generation in Centreon allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the include/views/graphs/generateGraphs/generateImage.php index parameter.
20.10.8
Affected by 0 other vulnerabilities.
21.4.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.