Back to CVE Browser

CVE-2014-3828

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0400%

EPSS Percentile11.46th

PublishedOct 23, 2014

Last ModifiedMay 6, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.

Affected Platforms (CPE)

📦

Merethis

Centreon

= 2.5.1

📦

Merethis

Centreon Enterprise Server

= 2.2

References & Advisories

🔗 http://seclists.org/fulldisclosure/2014/Oct/78

🔗 http://www.kb.cert.org/vuls/id/298796

🔗 http://www.securityfocus.com/bid/70648

🔗 https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html

🔗 https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde

🔗 http://seclists.org/fulldisclosure/2014/Oct/78

🔗 http://www.kb.cert.org/vuls/id/298796

🔗 http://www.securityfocus.com/bid/70648

Related Vulnerabilities

CVE-2014-382910.0

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attacker...

CVE-2009-436810.0

Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) tra...

CVE-2018-115899.8

Multiple SQL injection vulnerabilities in Centreon 3.4.6 including Centreon Web 2.8.23 allow attacks via the searchU parameter in ...

CVE-2018-115879.8

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in cen...