CVE-2018-11589 Information

Feb 14, 2021 cve

Description

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in viewLogs.php the id parameter in GetXmlHost.php the chartId parameter in ExportCSVServiceData.php the searchCurve parameter in listComponentTemplates.php or the host_id parameter in makeXML_ListMetrics.php.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html https://github.com/centreon/centreon/pull/6250 https://github.com/centreon/centreon/pull/6251 https://github.com/centreon/centreon/pull/6255 https://github.com/centreon/centreon/pull/6256 https://github.com/centreon/centreon/pull/6257 https://github.com/centreon/centreon/releases

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: