CVE-2014-3828 Information
Description
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php (2) the sid parameter to views/graphs/GetXmlTree.php (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
Reference
http://seclists.org/fulldisclosure/2014/Oct/78 http://www.kb.cert.org/vuls/id/298796 http://www.securityfocus.com/bid/70648 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90diff-e328097503b14fbb117e0db798aefcde
Share on: