Summary
Centreon and Centreon Enterprise Server are prone to multiple SQL injection vulnerabilities.
Impact
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Solution
Updates are available.
Insight
Centreon fails to sufficiently sanitize user-supplied data.
Affected
The following products are vulnerable:
- Centreon 2.5.1 and prior versions
- Centreon Enterprise Server 2.2 and prior versions
Detection
Send a specially crafted HTTP GET request and check the response.
References
Severity
Classification
- CVE: CVE-2014-3828, CVE-2014-3829
- CVSS Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Related Vulnerabilities
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- ASUS RT56U Router Multiple Vulnerabilities
- Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
- ActualAnalyzer Lite 'ant' Cookie Parameter Remote Command Execution Vulnerability
- AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability