An issue was discovered in Centreon before 2.8.30, 18.10.8, 19.04.5, and 19.10.2. SQL Injection exists via the include/monitoring/status/Hosts/xml/hostXML.php instance parameter.
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html
documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html
github.com/centreon/centreon/pull/8063